Comments on: Using suexec To Secure A Shared Server

By: tanuj

tanuj — Wed, 16 Jul 2008 23:09:30 +0000

how can i check myserver having suexec enabled.

Regards,
Tanuj
http://www.isuvidha.com/tanuj

By: Fwolf’s Blog » Blog Archive 由一个错误学到的一些php安全配置问题 - Fwolf's Blog

Fwolf’s Blog » Blog Archive 由一个错误学到的一些php安全配置问题 - Fwolf's Blog — Sun, 13 Jul 2008 10:47:18 +0000

[...] suphp比suexec（就是原来dv3.0升php5的方法）要快一点；比suphp更快的还有suphp_mod_php；再快一些的是mpm-peruser，不过安装配置的麻烦程度也随之递增。 [...]

By: Phill Brown

Phill Brown — Wed, 09 Jul 2008 15:48:05 +0000

Great Article,
After reading I am now swayed more to utilise suPHP or FastCGI Instead.
Thanks.

By: Adam

Adam — Wed, 09 Jan 2008 13:50:06 +0000

Good article! Thanks a lot for sharing.

By: Sasa Ebach

Sasa Ebach — Thu, 20 Dec 2007 12:22:04 +0000

Stu, this is much appreciated. I can’t wait for your next article or a good solution for this problem. The best thing I could come up with would be one Apache for each user and a master Apache which works as proxy to the user instances.

I figure this is probably very inefficient if you have dozens or hundreds of accounts. I have not actually tried this, yet.

By: Stu

Stu — Thu, 20 Dec 2007 08:25:43 +0000

@sapphirecat: Using exec or a trivial C program would both be more optimal than using the script I supplied, definitely.

@david: Thanks. I’ll cover that in the next article or so!

By: David Rodger

David Rodger — Tue, 18 Dec 2007 23:43:11 +0000

It would be interesting to read your thoughts about this (if you’ve not come across it previously)…

http://www.telana.com/peruser.php

By: developercast.com » Stuart Herbert’s Blog: Using suexec To Secure A Shared Server

Tue, 18 Dec 2007 18:52:50 +0000

[...] His guide steps through the entire process - getting the software, configuring Apache (with the PHP/CGI installation) and configuring suexec, both for the default install and then for the shared server settings. There’s even a few brief benchmarks showing the speed of execution for scripts with and without the suexec environment. [...]

By: sapphirecat

sapphirecat — Tue, 18 Dec 2007 13:24:17 +0000

Is it more efficient to use ‘exec’ so the shell doesn’t fork+wait on php-cgi? I’m curious what the benchmark result is if you change the bash script like so:

exec /usr/bin/php-cgi “$@”

It also seems fairly trivial to write a small C program to do this; you’d just pass your own argv on to the appropriate exec function. You might even statically link it, to avoid running ld.so. But I suspect this is leading into the land of tedious micro-optimization; especially, the speed of “execute PHP directly” is the limit for this case.