XeonBD Official Blog

What is suPHP and what are the benefits?

The earlier version was PHPsuExec but that is quickly being replaced by suPHP and the two do basically the same thing.
suPHP provides an additional layer of protection on servers. It causes php scripts to run under the account username instead of the user ‘nobody’ which is the user that apache/php would run under on a server that is not running suPHP. This feature allows us to more easily track any potential security breaches that come in via insecure php script(s) that a user is running.

suPHP also does away with the requirement of using 777 permissions on directories/files that need write permission. In fact if a directory and/or file has the permission set to (CHMOD) 777 and it is access via a browser, then an internal server error 500 will be generated. The highest level of permissions that a user can use on a suPHP enabled server is 755. This permission setting is sufficient enough for any directories/files that needs to be written to.

The benefit of using suPHP besides better security, is that it will make any PHP applications (most often CMS systems) such as Mambo more user friendly. Case in point: If you upload/install anything via Mambo such as a template on a non-suphp server, then those template files will be owned by ‘nobody’ and you will not be able to edit them manually or even delete them from your account. This ownership issue is done away with suPHP. On a suPHP enabled server, those same template files will be owned by the account username and the account holder will be able to manipulate those files as he sees fit.

No longer do you need to use (chmod) the dangerous file permission of 666 or the folder permission of 777 to make things writable.

The correct permissions should be:

• Writable Folders: 755
• Writable Files: 644
• Files that need to be un-writable: 444

No related posts.