In that setup (based on information provided), no - suPHP would be of no benefit. You'd just run the apache daemon as tom and be done with it.

However, in my setup, it is of significant benefit. We support about 300 users. Normally, if they have an application that requires write access to files/directories (gallery2, for instance), you have to either chown the directory to the www-data group (in the Ubuntu case) or set the "other" permissions to read/write. But it means that 1 user on the system could write a PHP script to read and/or write to the other users' data.

Also, a major problem is MySQL usernames and passwords - if they are in a file readable by the webserver, it causes security problems.

suPHP means I can have a file in my homedir and owned by cian, readable only by me - my PHP app will still work but no-one can access it with a PHP script. But that works for *all* users. It's not tied to 1 user.

The biggest problem we have (and why we don't use it as default) is that if someone has a badly written PHP script, there is a potential for them to disclose everything in their home dir and/or allow writes to their home dir. We want them to at least understand the dangers before they enable suPHP.

Regards,
Cian

Simón wrote:
> Hi there,
>
> I don't understand in detail what's the benefit of suphp. I will
> put the conf of my servers as an example.
>
> 6 virtual hosts under one unique user (tom, tomgroup)
>
> I think that the benefit of suphp, is that the php scripts will be
> run as the user "tom" instead of the apache user, but is this really
> important on a setup like that with only one user?
>
> I hope someone could open my eyes ;). Kind regards, Simon.

_______________________________________________
suPHP mailing list
[email protected]
http://lists.marsching.biz/mailman/listinfo/suphp
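The permission patterns described in the reply above (directories opened to "other" or to the www-data group, and credential files readable by accounts other than the owner) can be found with a short audit script. This is an added example, not part of the original message or of suPHP; the file-name patterns, the constructed sample tree and the function names are assumptions.

```python
import fnmatch
import os
import stat

SECRET_PATTERNS = ("config*.php", "*.inc.php", ".env")  # assumed credential-file names

def classify(name, st, web_gid=None):
    """Return the permission findings for one lstat() result."""
    mode, findings = st.st_mode, []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if web_gid is not None and st.st_gid == web_gid and mode & stat.S_IWGRP:
        findings.append("web-group-writable")
    is_secret = any(fnmatch.fnmatch(name, p) for p in SECRET_PATTERNS)
    if stat.S_ISREG(mode) and is_secret and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("secret-readable-by-others")
    return findings

def audit_tree(root, web_gid=None):
    """Walk root without following symlinks; return sorted (relpath, finding) pairs."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about access
            rel = os.path.relpath(path, root)
            results += [(rel, f) for f in classify(name, st, web_gid)]
    return sorted(results)

def build_sample(root):
    """Constructed tree: alice and bob use pre-suPHP permissions, cian owner-only."""
    dirs = {"alice": 0o755, "alice/gallery2": 0o777, "bob": 0o755,
            "bob/cache": 0o775, "cian": 0o755, "cian/app": 0o755}
    files = {"alice/gallery2/config.php": 0o644, "cian/app/config.php": 0o600}
    for rel, mode in {**dirs, **files}.items():
        path = os.path.join(root, rel)
        if rel in dirs:
            os.mkdir(path)
        else:
            open(path, "w").close()  # empty placeholder, no real credentials
        os.chmod(path, mode)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_tree(tmp, web_gid=os.stat(tmp).st_gid), sep="\n")
```

On a real host, `web_gid` would be the numeric id of the web server's group and `root` the directory holding the users' web trees.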
