Tag Archives: suexec

Apache, PHP, SuEXEC: added security and control

suhosin
As we know from original article using Apache, PHP in CGI mode along with suExec gives us 2 important security advantages:
– suExec allows to run PHP process with (only) the file owner user privileges, enforcing proper permissions on PHP scripts and thus allowing to avoid cross-site exploits on the server that is running multiple dynamic web sites;
– per site php.ini.
That gives some unique opportunities for securing separate web sites on the server.
Read more »

Share Button

Apache, PHP, SuEXEC: lessons learned

I’ve been running PHP in fastcgi mode with suExec for some time on about 50+ servers with different workload and various content. There are some tips and tricks that can improve the performance and increase the stability of such configuration.
Read more »

Share Button

Apache2, PHP, SuEXEC: legacy CGI for ClipShare and the rest of them

In this article we configured apache2 with php as suExec CGI module. The configuration is a little bit more complicated then regular mod_php but offers definite advantage with php running with script owner privileges.
However there could be situations where this creates additional problems.
Read more »

Share Button

Apache2, PHP, SuEXEC configuration on CentOS

There are plenty of tutorials on the web. Tons and tons.

However when I had to create working configuration and put together Virtualmin template most of these instruction just didn’t work properly. After some time I’ve came up with my own working configuration and proper Virtualmin apache template for CentOS.

As a bonus we’ll have per-user php.ini and apache2 worker MPM which is a little bit faster and less resource hungry then traditional prefork MPM.
Read more »

Share Button