suPHP + Userdir on Ubuntu

Recently I’ve had the need to combine suPHP with the userdir mod for Apache on Ubuntu. By default they don’t play nice together. So here is a quick guide on how to get it working.

If you have installed a standard LAMP server (there are many guides on how to do this), you now need to install the suphp package for apache, this is called libapache2-mod-suphp:

$ sudo apt-get install libapache2-mod-suphp

Once that has been installed open the file /etc/suphp/suphp.conf in your favourite text editor. Find the line that has the docroot on, and change the docroot so that it is just “/”. This means that the suphp engine will parse anywhere in the file system, and not just in the standard html directory, thus allowing users to have their own.

docroot=/

You may also want to change the security options as appropriate, just change the “false” to “true” of the applicable ones the enable them. This is worth experimenting with. Further down you will want to set the “check_vhost_docroot” is set to false, this again is to do with the fact that userdirs are not in the vhost’s document root.

check_vhost_docroot=false

Finally you have the min_uid and min_gid properties. These are worth altering if you still want to be able to have a website running as www-data (such as the default website). If this is the case, change them both to the uid and gid of www-data (33 by default). It is not recommended to allow suphp to run as root, so do not set it to 0.

min_uid=33
min_gid=33

Finally, you need to enable the mods suphp and userdir, and disable the mod php5, this is done with two commands, and then restart apache2:

sudo a2dismod php5
sudo a2enmod userdir suphp
sudo /etc/init.d/apache2 restart

This should then allow you to run php scripts as the user who created them. To test this, create a new php file that contains:

<?php
system(id);

This will give you information of the user that the php process is running as. I recommend changing the ownership and retrying it, just make sure sure suphp is running as it should be.

  • I execute ‘sudo a2dismod php5’ command and restart apache2,but web server cannot run

  • Rick Ogden

    What happens if you re-enable php5 (sudo a2enmod php5)?

  • Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Apache/2.2.12 (Ubuntu) Server at 163.26.97.112 Port 80

  • Rick Ogden

    In which case check that you’ve edited the config files correctly, as a syntax error in them is likely to cause these sorts of error messages.

  • with the way Rick has edited the suPHP configuration file, it’s important to keep file and directory permissions correct. One of the features I love about SuPHP is that (as it stands in the default config) all directories must be no higher than 755, and all files must be no higher than 644.

    On production systems you’re forcing users to keep their permissions closed to themselves and not open like a typical mod-php setup.

    Incorrect File permissions will present a Internal Server Error 500.

    But when in doubt, check your log file (example: /var/log/apache2/error.log) – =D

    PS Love your work Rick.

  • Max Malm

    Thanks bud, saved my day.

    Cheers from Sweden

  • shinas

    Hi

    I configured suphp as shown in your steps..but it gives the user as default apache user what i will do?

  • Jhon

    it worked! Great!