Hi,
When browsing along this forum I read a lot about people using suPHP for running PHP under the UID/GID of the UNIX user.
But in my opinion suPHP is unhandy.
Unhandy? Why?
- You can't define php_value things in your httpd.conf and .htaccess files
- It is slower than running PHP as a module
- You get a wrapper around your PHP, which brings some troubles
- Only PHP gets executed under a specified user, not the whole virtual host
With mod_ruid you can run a complete virtualhost under a specified user/group; this increases your security big time, since you can chmod all files 600 in the public_html directory (except for .htaccess files).
You can use the following permissions with mod_ruid:
- directories: 755
- files (PHP, HTML, etc): 600
- .htaccess / .htpasswd: 644
Directories and .htaccess have to be world-readable since mod_ruid switches to the specified user after scanning the directory and reading .htaccess files.
Since all your files can be 600, there is no harm done when a user can do a dirlist since they can't read the files in the directory.
I am using mod_ruid on more than 20 DirectAdmin (Apache 2) servers now and on more than 40 other webservers and I never had any issues or security flaws with it.
Is this module even known here?
homepage: http://websupport.sk/~stanojr/projects/mod_ruid/
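
The permission scheme listed in the post (directories 755, files 600, .htaccess / .htpasswd 644), as an added shell example that is not part of the original post: it applies the modes to a document root and lists every path that deviates from them. The function names and the docroot argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Modes are the ones the post
# lists; function names and the path argument are hypothetical.

# Apply the scheme to every directory and regular file under $1.
apply_ruid_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Directories stay world-readable so they can be scanned before the
    # switch to the site user.
    find "$root" -type d -exec chmod 755 {} +
    # .htaccess / .htpasswd are read before the switch as well.
    find "$root" -type f \( -name .htaccess -o -name .htpasswd \) \
        -exec chmod 644 {} +
    # Everything else is readable by the owner only.
    find "$root" -type f ! -name .htaccess ! -name .htpasswd \
        -exec chmod 600 {} +
}

# Print one line per path under $1 whose mode differs from the scheme.
# -perm with a bare mode matches exactly, so setuid/setgid/sticky bits
# also count as deviations.
list_ruid_deviations() {
    root=$1
    find "$root" -type d ! -perm 755 -exec printf 'dir   %s\n' {} +
    find "$root" -type f \( -name .htaccess -o -name .htpasswd \) \
        ! -perm 644 -exec printf 'ht    %s\n' {} +
    find "$root" -type f ! -name .htaccess ! -name .htpasswd \
        ! -perm 600 -exec printf 'file  %s\n' {} +
}

# Exit status 0 when the tree matches the scheme, 1 (plus a listing) if not.
audit_ruid_perms() {
    out=$(list_ruid_deviations "$1")
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Usage: sh ruid_perms.sh /home/USER/public_html   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    apply_ruid_perms "$1" && audit_ruid_perms "$1"
fi
```

Running only `audit_ruid_perms` on a schedule shows files that uploads or scripts have since created with looser modes.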