Installing suPHP on Mediatemple Dedicated-Virtual (dv) server with Plesk 8.6.0 and Virtuozzo
UPDATE: I have included a script to change permissions for all the websites hosted in Plesk in order to make the installation easier
Today I had to install suPHP on a MediaTemple Dedicated-Virtual (dv) server with Plesk. The main reason why I had to do this was because we were migrating a site from Bluehost hosting services to GoDaddy (And they FAIL, like always). We configured our customer new VPS (Which GoDaddy provisioned in two or three days, which is VERY SLOW for any VPS hosting company – this normally takes from 5 minutes to 2 hours MAX), but that isn’t the worst point. After we configured the server that came with cPanel (We used cPanel’s EasyApache script) to update PHP + Apache + Installing suPHP + other tweaks, we migrated the website from Bluehost to this GoDaddy server but we were getting a warning on the cPanel install that it was a Trial Version (Our customer bought a license) so our customer contacted GoDaddy Support and they said that we have to re-provision the server since the cPanel license wasn’t applied :/
So we had to move the site over to our server which was running cPanel too (This is really easy using Transfer feature in cPanel) and then re-provisioned the customer server, but since this will take another 48-72 hours our customer decided to rent a VPS in MediaTemple (Which offered Plesk instead of cPanel, I personally prefer cPanel because it allows you to tweak the software running on your server like installing Suhosin, suPHP, upgrading PHP/Apache, etc) so we had to migrate the site AGAIN from our server to MediaTemple Dedicated-Virtual (dv) server.
Finally the site was running in MediaTemple server, the site uses WordPress Bloggin software and since Plesk doesn’t come with suPHP a lot of issues popped up, some of them were:
- Problems with image uploads in the Admin backend
- Problems removing plugins
- Problems when editing customized theme
- Etc
So we needed to install suPHP to mitigate all of this issues without chmodding *.* to 777 WHICH IS A VERY BAD THING (Consider yourself warned!).
But since Plesk doesn’t come with suPHP by default we had to install it from source, so here is the process:
Prerequisites:
- SSH Root Access to your MediaTemple server
- Install Development Tools
In your MediaTemple WebControl you have to click on:
Root Access & Developer Tools
Enable root access and install development tools.
Then after you installed your Development Tools (Will take 5 to 10 minutes) I recommend you to install the Yum Package Manger since MediaTemple Dedicated-Virtual (dv) server doesn’t come with it:
rpm -Uvh http://mirror.centos.org/centos/5/os/i386/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpmrpm -Uvh http://mirror.centos.org/centos/5/os/i386/CentOS/yum-3.2.22-26.el5.centos.noarch.rpm http://mirror.centos.org/centos/5/os/i386/CentOS/yum-fastestmirror-1.1.16-14.el5.centos.1.noarch.rpm
Now download the last version of suPHP (Which in this moment is 0.71):
wget http://www.suphp.org/download/suphp-0.7.1.tar.gztar -zxvf suphp-0.7.1.tar.gz
cd suphp-0.7.1
./configure --with-apxs=/usr/sbin/apxs --with-php=/usr/bin/php-cgi --with-logfile=/var/log/suphp.log --with-min-uid=30 --with-min-gid=30 --with-apache-user=apache --with-apr=/usr/bin/apr-1-config --with-setid-mode=owner --prefix=/usr --sysconfdir=/etc
make
make install
cd /etc/httpd/conf.d/
Create a new file called suphp.conf with this content:
LoadModule suphp_module modules/mod_suphp.so<Directory /var/www/vhosts>
php_admin_value engine off
suPHP_Engine On
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php
</Directory>
Now we have to create the configuration file for suPHP located at /etc/suphp.conf with the following content:
[global]
;Path to logfile
logfile=/var/log/suphp.log;Loglevel
loglevel=none;User Apache is running as
webserver_user=apache;Path all scripts have to be in
docroot=/var/www/vhosts; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=false;Send minor error messages to browser
errors_to_browser=false;PATH environment variable
env_path=/bin:/usr/bin;Umask to set, specify in octal notation
umask=0022; Minimum UID
min_uid=30; Minimum GID
min_gid=30[handlers]
;Handler for php-scripts
x-httpd-php="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
Now we backup the actual Apache configuration:
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bkp
And now we have to comment the following lines in the file /etc/httpd/conf/httpd.conf (In my file are the last lines):
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Now you have to change the file permissions to 0644 for files and 755 for directories. Let’s go to the website directory:
cd /var/www/vhosts/<DOMAIN>/httpdocs/
Note: <DOMAIN> is the website you want to change permissions to
And now we will execute the following command to change the file and directories permissions, change file ownership and restart the Apache service:
find . -type f -exec chmod 644 {} \;; find . -type d -exec chmod 755 {} \;; find . -exec chown <USER>:psacln {} \;; service httpd restart
Note: <USER> is the system user for the domain
UPDATE:
If you want to do this automatically for all users hosting their website in your server you can run the following script instead of the above long command:
#!/bin/bashwhile IFS=':' read -r login pass uid gid uname homedir comment; do
if [[ "$homedir" = **/var/www/vhosts/** ]]; then
if [ -d "$homedir/httpdocs" ]; then
find $homedir/httpdocs -type f -exec chmod 644 {} \;;
find $homedir/httpdocs -type d -exec chmod 755 {} \;;
find $homedir/httpdocs -exec chown $login:psacln {} \;
fi
fi
done < /etc/passwd
service httpd restart
You should check if in your httpdocs directory exists a php.ini file since this will be loaded as your default PHP configuration file so check that this file is correct.
I hope that this guide helps you to run your websites securely in your Plesk server.
Thank you for reading!
Great article. Just what I was looking for. I went through all of the steps and everything went smoothly after I figured out that the long dash (–with) was actually two dashes (–with). I think that’s right anyway. I’m not terribly savvy with such things.
A few questions though. I don’t have the php.ini file in my var/www/vhosts//httpdocs directory. can you elaborate on that and perhaps give an example of that file. Am I supposed to create that by hand?
Also. How do I know if the install worked? I don’t see anything in my php info that says “hey suphp is running strong!”. Is there any easy way to detect if suPHP was installed correctly?
thanks
Hi Shag,
I’m glad that this article helped you to install suPHP on your server.
About the php.ini file this is optional, but if you have one in your domain httpdocs it will override the default one. Having a php.ini file for each domain is good to set a tmp directory for each file where files will be uploaded and also session information. You can find the php.ini files in your server executing the following command:
find / -name php.ini
Then you can copy it to your domain httpdocs directory and modify it to your taste.
To check if suPHP is running ok you can create this PHP file:
This will show the user that is running that script, it should be the owner of the file (Which can’t be root or the Apache default user).
I hope this clarify you how to test your suPHP, if you want our company to configure your server to run suPHP smoothly you can go to http://www.am-techsys.com and fill a ticket, our rates are very low.
Thank you very much for your time reading my post.
Best regards,
Andres Montalban
Thanks for the reply. The code for checking suPHP didn’t show up though? can you repost?
I think it is working though. Now if I change directory permissions on my server to 777 I get a 500 error, which is an indicator that suPHP is running from what I understand?
And I’ll definitely keep your tech services in mind the next time I get in over my head.
thanks, Shag
Great tutorial!
Any particular reason you used suPHP over FastCGI+SuExec?
Hi Andrew,
Thank you for your comment! I used suPHP because I knew it better but I have researched for your solution of FastCGI+SuExec and it seems better! Will try to test it in future deployments
.
Thank you for your recommendation!
Best regards,
Andres Montalban
SuExec runs slower than suPHP.
http://blog.stuartherbert.com/php/2008/01/18/using-suphp-to-secure-a-shared-server/
Hi Andres,
Thanks so much for the script. I believe I have installed it correctly, but I’m not so sure. I wasn’t testing it on joomla or wp, but on a php based file manager.
After running the chmod process and apache reboot, it crippled this software, but I seemed to still be able to chmod the affected directory back to 777 in FZ and then it was ok again so perhaps something seems wrong that I could do this. The php.ini I’m using now is just a straight copy of the one in etc and not customised yet, but I wonder if I am doing the right thing here.
If you have a mo’ any thoughts or a copy of your testing script would be deeply appreciated.
Leo
I have followed all instructions above for the suphp install but there is no mod_suphp.so in the /etc/httpd/modules directory to access. Do I need to download the module independently. Any input is greatly appreciated.
Thanks,
Aaron
Hi Aaron,
Mmm, did you find the mod_suphp.so to know if you have one in your filesystem?
To do that you can execute:
find / -name ‘*mod_suphp.so*’
This will find any file that contains mod_suphp.so in his name.
PS: The installation of suPHP completed without errors?
I hope this helps you to get suPHP installed on your server.
Best regards,
Andres Montalban
Hi Andres, thanks for this great tutorial. I’m in a similar situation. Moving from Bluehost shared hosting to Godaddy Virtual Dedicated Server hosting. I’m running in to the same issues as you did with not being able to write from backend / ftp owner account. So need to install suPHP.
Now the steps you mentioned are for Plesk. I’m using Simple Control Panel.
My question is, can I follow the same steps for installing and configuring suPHP from Simple Control Panel? If no, could you please help me with what I need to do differently.
I’ve tried following the steps that I found at the following link but I’m running into install errors. I’ve installed version 0.7.1 though.
http://www.howtoforge.com/install-suphp-on-various-linux-distributions-for-use-with-ispconfig-2.2.20-and-above
Need your help urgently. Thanks a ton.
Praveen.
Hi Praveen,
First of all thank you very much for checking out my website, and I am glad that you find it interesting. Too bad that it doesn’t fit for Simple Control Panel, I am assuming that you are using GoDaddy right? (I think they should use another Control Panel software like Virtualmin or something like that – Simple Control Panel is almost a pain in the…)
Regarding of using my instructions to install suPHP on your server I think they should work but the paths and configurations file may differ, however if you need to get this done please check my company website http://amtechhelp.com and we will be glad to assist you with any systems administration need.
Thank you very much for your time.
All the best,
Andres Montalban
Hi Andres,
Thank you for this helpful how-to. I was able to go through it and get suPHP working on my (dv) server. For the final step:
find . -type f -exec chmod 644 {} \;; find . -type d -exec chmod 755 {} \;; find . -exec chown :psacln {} \;; service httpd restart
I input “apache” for to get it working. Is this correct? I am not sure if I should have used another user – my default was not working. Also, if the apache user is correct, is it secure for my domain to have it owning all of those files? Thank you.
Sorry Andres… that should say I input “apache” for USER (it stripped that out when I put it in brackets) again, sorry…
Hi Kristen,
Thank you very much for checking this howto! I am glad that you find it helpful. Regarding your question you need to change the user to the owner of the domain in plesk, the last command is optional only to make sure that the files are all owned by the correct user and that the folders have the right permissions (755) and files (644).
If you require assistance we at AM Technology & Systems can assist you, just go to http://amtechhelp.com and click on the support tab on your left to create a ticket.
Thank you for checking my website, have a great day.
All the best,
Andres Montalban
hi andres,
im running into difficulties installing suPHP in mediatemple. im a total newbie with this.
before typing in the first command you stated above, do i need to cd to root?
because ive been getting the error “can’t create transaction lock on /var/lib/rpm/__db.000″
pls help thanks a lot.
Hi Marco,
Yes for all commands here you will need root access as it says in the requisites section, also remember to install Development Tools in order to follow the howto.
In case you need further assistance don’t hesitate to contact us at http://amtechhelp.com
Thank you very much for stopping by!
All the best,
Andres Montalban
Básicamente te amaré por un buen rato, Andrés. El (dv) de Media Temple es el primer “dedicado” que uso y me salvaste la vida.
¡Muchas gracias!
Thanks for the article, it helped me finally get suPHP working with Plesk. I’m not on Mediatemple but the directions are basically the same minus the developer tools crap.
It could be useful to note the apr-1-config can be also be installed by installing the apr-util package. Also apxs can be installed by installing the httpd-devel package. Took me some googling to figure it out of course.
Also some people will need to update their php session directory permissions.
Everything else went smoothly so thanks!
Is there a way to have the php.ini file above the httpdocs directory?
/var/www/vhosts//
Instead of
/var/www/vhosts//httpdocs/
I’d rather not have it visible by navigating to http://mysite.com/php.ini
Thanks!
Hi Jason,
Yes you have two options:
1) Write in your .htaccess something like this:
order allow,deny
deny from all
2) Use the suPHP configuration value in your Apache configuration file to select which php.ini you will use for a virtualhost, and for example placing it outside the Document Root
suPHP_ConfigPath /path/to/your/php.ini
I hope that this help you, sorry for the delay in my reply.
All the best,
Andres Montalban
thanks for your post
it works in dv3.5
but in mt dv4.0, the php-cgi thread won’t quit for a long time
so the memory is not enough…
plz help
Thanks for the tutorial, Andres, it seems to be exactly what we all needed. However, after following the steps I went to refresh various domains on my server in my browser and they returned an “Internal Server Error”. I found if I remove the suphp.conf file from /etc/httpd/conf.d and restart httpd that the error goes away. Obviously that would mean suPHP isn’t working so I’m confused, any thoughts?
check /etc/suphp.conf
I bet you just copy and paste the text from there.
and some characters got messed up.
Check
x-httpd-php=”php:/usr/bin/php-cgi”
;Handler for CGI-scripts
x-suphp-cgi=”execute:!self”
make sure for php hander you have ” and no other characters
then restart apache.
Would like to see a suphp configuration for servers that are configured to serve virtual hosts from /home/{username}/public_html that would help the folks using Simple Control Panel.
@JarbleCode not quite yet. That was sent from a separate application that I was using to learn the API. Working on Twitter/Facebook now!