In this article we will discuss how to install and enable suPHP on our H-Sphere web servers. This applies to 2.5+ versions of H-Sphere.
NOTE: Somebody told me that on Linux UIDs start from 500 etc., so you might need to take that into account on your system (or use FreeBSD :) ). I have made this work on FreeBSD only.

1- Install suPHP 0.5.2 (I couldn't get 0.6.x to work at the time of this writing)

    ./configure --prefix=/usr/local/suphp \
        --with-apxs=/hsphere/shared/apache/bin/apxs \
        --with-min-uid=1000 \
        --with-min-gid=1000 \
        --with-apache-user=httpd \
        --with-php=/hsphere/shared/php4/bin/php-cgi \
        --with-logfile=/var/log/suphp_log \
        --with-setid-mode=owner
    make install

2- Create custom apache.conf to enable suPHP using the instructions from the URL below.
http://www.psoft.net/HSdocumentation/sysadmin/conf_file_template_customization.html#apache

While enabling suphp DO NOT disable mod_php. It will be needed for WebShell, phpMySQL etc.

-> Add the following lines to httpd.conf (with template instructions)
-> (they exist in the default httpd.conf but only commented out)

    LoadModule suphp_module libexec/mod_suphp.so
    AddModule mod_suphp.c

-> Add the following lines to httpd.conf (with template instructions)

    <IfModule mod_suphp.c>
    suPHP_Engine On
    # The line below might be needed in suPHP 0.6.x versions
    #suPHP_AddHandler x-httpd-php
    <Directory "/hsphere/local/home">
    AddHandler x-httpd-php .php
    AddHandler x-httpd-php .php3
    AddHandler x-httpd-php .phps
    </Directory>
    </IfModule>

3- Create custom php.ini to enable safe_mode etc. using the instructions from the URL below. The problem is that we do not want people to execute system programs like 'ls' etc., with which they can see everything.
http://www.psoft.net/HSdocumentation/sysadmin/conf_file_template_customization.html#php4

-> Create a /usr/local/safebin directory
-> Set the following in php.ini (with template instructions)

    safe_mode = On
    safe_mode_exec_dir = /usr/local/safebin

-> I also recommend the setting below since this is the most common loophole that hackers use.
allow_url_fopen = Off
4- Set permissions in your user homedirs with the following script. This will change a lot of permissions so use with caution.
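
masschange.sh
----------------------------------------------
#!/bin/sh
# Make each home directory owned by the user it is named after.
# Stop if the home root is missing, so nothing is changed elsewhere.
cd "/hsphere/local/home/" || exit 1
/bin/ls -1 | while read -r user
do
    # The directory name is used as both the user and the group name
    /usr/sbin/chown -R "$user:$user" "$user"
    /bin/chmod -R 755 "$user"
done
----------------------------------------------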
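
A dry-run check for the script in step 4, added here as an example and not part of the original article: it changes nothing and only reports which entries under the home root are directories named after an account whose UID is at or above the --with-min-uid value from step 1. The function name preflight and its output format are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original article): dry run for masschange.sh.
# "preflight" and the OK/SKIP output format are hypothetical names.
# Usage: sh preflight.sh /hsphere/local/home 1000

# Runs in a subshell "( ... )" so the caller's working directory is untouched.
preflight() (
    home_root=$1
    min_uid=${2:-1000}          # same floor as --with-min-uid=1000 in step 1
    cd "$home_root" || exit 1   # never inspect some other directory by mistake
    for entry in *; do          # like "ls -1", dotfiles are not listed
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # empty directory
        case $entry in
            -*) echo "SKIP ./$entry leading-dash"; continue ;;  # would parse as an option
        esac
        if [ -L "$entry" ]; then
            echo "SKIP $entry symlink"
        elif [ ! -d "$entry" ]; then
            echo "SKIP $entry not-a-directory"
        elif ! uid=$(id -u -- "$entry" 2>/dev/null); then
            echo "SKIP $entry no-such-account"
        elif [ "$uid" -lt "$min_uid" ]; then
            echo "SKIP $entry uid-$uid-below-$min_uid"
        else
            echo "OK $entry $uid"
        fi
    done
)

# Run only when a home root is given on the command line.
if [ "$#" -ge 1 ]; then
    preflight "$1" "${2:-1000}"
fi
```

Entries reported as SKIP are the ones to look at by hand before running masschange.sh.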