|Transition to suPHP (schedule)|
| This announcement is related to our upcoming work on all reseller servers to enable suphp. suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter. In more general terms, enabling suphp will add an additional layer of security and remove issues related to file ownership permissions when using popular PHP based applications such as Wordpress and Joomla.
We will be carrying out this change on those servers listed below:
April 26, 2010 - 12:00 AM EST
April 26, 2010 - 10:00 PM GMT
April 27, 2010 - 10:00 PM GMT
April 28, 2010 - 10:00 PM GMT
April 29, 2010 - 10:00 PM GMT
April 30, 2010 - 10:00 PM GMT
This is quite a large scale change but we'd first like to reassure all clients that in the vast majority of cases there will be no difference and the work will be un-noticable. In fact, we have been running suphp on our shared hosting servers for some months now with ZERO problems or issues and all previous upgrades have gone very well. This announcement is aimed at highlighting some of the slight differences when PHP is running in a suphp environment.
1. Permissions (WILL BE HANDLED BY US)
With suphp it will not be possible to make insecure permission settings to scripts such as 777 world writable. Any PHP files should be set to 644 (or less) with directories set to 755 (or less). This is a much more secure hosting environment and any changes to permissions or ownership required on existing scripts will be handled by us as part of the work.
Any files currently set to 777, 757, etc. will be changed to 755 as a safe global change, you can change them to 644 from there, if you wish. This only changes files and directories that are currently set to group or world write permissions and ignores any other files. This changes more than php files, to be the most safe and consistent change, in case you have any CGI files or other that are too open (and insecure) with its permission. Finally, any files that need to be set to "read only" should be set to 444 or 400.
2. .htaccess php rules (WILL BE HANDLED BY US)
At the moment it is possible to change some php options by using a line in a .htaccess file such as "php_value option x" or "php_flag option x". This will no longer be possible after the suphp install and any php options will need to be configured in a file called php.ini using the syntax 'option_name = "value"'. Once again, we will take care of converting lines of .htaccess files to php.ini files at the time of the work.
3. SetHandler rules
Any clients who have setup SetHander rules will need to change these as follows. Any instances of:
Need to be sure they use -php5 instead of -php:
4. Account quotas
To date, any files created using a PHP script have been under Apache ownership and not counted towards the user account quota. This will change and all quotas will be much more accurate after the work which is a major benefit for account accuracy and when clients with to modify files created using scripts via FTP which will be possible without issue with suphp.
For any clients using Joomla, it is important to have the $live_site variable configured with the domain of the account. Most installs should already have this set but it's worth taking a few seconds to check before this work is done.
If anyone has any questions please feel free to contact us at firstname.lastname@example.org
|Updated by Alec B. on 14th Apr 2010 @ 17:22pm|