Installing suPHP

If you’re a PHP developer, you’ve probably had to mess with Linux file permissions at one point or another. The user account that you upload/edit your scripts with is, in a normal LAMP configuration, not the same user that will be executing your scripts (that will be the webserver user, www-data on a Ubuntu server). This prevents many scripts from working out of the box and requires you to change the permissions of files and directories that your script needs to edit, to a probably unsecure value. A good example of this is the auto-upgrade and installation of Wordpress and its plugins.

Fortunately, we have suPHP. SuPHP is an alternative “link module” that connects Apache to PHP, and causes PHP scripts to be executed with the user that owns them. On an Ubuntu server, it’s really easy to install and configure. Here’s how I did it:

First, we install suPHP:

aptitude install libapache2-mod-suphp

Then, we disable the default PHP module:

a2dismod php5

This should be enough to make suPHP work for scripts in your global document root (e.g. /var/www). There’s a security check though, which causes execution of scripts outside that directory (e.g. in /home/bart/public_html) to not execute. To fix this issue, open /etc/suphp/suphp.conf and put a semicolon in front of:

docroot=/var/www

This is all I needed to make automatic upgrades in Wordpress work.