suPHP provides an additional layer of protection on servers. It causes PHP scripts to run under the account username instead of the user nobody which is the user that apache/PHP would run under on a server that is not running suPHP. This feature allows us to more easily track any potential security breaches that come in via insecure PHP script(s) that a user is running.
The following are the steps to convert PHP Handler from DSO to suPHP:
1. Switch to suPHP Handler
Login as root into shell and run below command
# /scripts/easyapache
Else login to WHM -> EasyApache (Apache Update)
After Apache has finished recompiling, the suPHP show up now in WHM > Apache Configuration > PHP and SuExec Configuration area to select. Select suPHP to change PHP handler.
2. Change all permissions for folders from 777 to 755
Run below command to change the all folders permissions as 755.
#find /home/*/public_html -type d -exec chmod 755 {} \;
3. Change all permissions for files from 666 to 644
Run below command to change all files permissions as 644.
# find /home/*/public_html -type f -exec chmod 644 {} \;
4. Change ownership of public_html contents
Change the public_html contents to the user:user (rather than user: nobody), but keep the top level of public_html as user: nobody.
for i in `ls /var/cpanel/users/`; do chown -R $i:$i /home/$i/public_html ; done
for i in `ls /var/cpanel/users/`; do chown $i:nobody /home/$i/public_html ; done
for i in `ls /var/cpanel/users/`; do chown $i:nobody /home/$i/public_html/_vti_pvt ; done
The first command recursively chowns all files and folders inside public_html to the users found in /var/cpanel/users folder.
The second command keeps the top-level of public_html as user: nobody as it needs to remain that setting.
The last command changes the FrontPage extensions folder _vti_pvt in public_html to the user: nobody as well, since it likewise needs that permission.
5. Remove any php_value and php_flag entries in .htaccess files
Remove any php_value and php_flag entries in .htaccess files as they will cause an Internal Server Error if in an account’s .htaccess file.
# find /home -type f -name ‘.htaccess’ -exec grep -Hrn ‘php_value’ ‘{}’ \;
# find /home -type f -name ‘.htaccess’ -exec grep -Hrn ‘php_flag’ ‘{}’ \;
6. Edit the php.ini file to change to the new values, and point the .htaccess on that account to use that php.ini file
suPHP_ConfigPath /home/username/public_html/
If you require help, contact SupportPRO Server Admin
