SuPHP

From Edgar BV Wiki

To enable suPHP in Apache, edit /etc/apache/conf/httpd.conf and add:

AddHandler x-httpd-php .php
suPHP_Engine on

Make sure that the directories the site uses to upload / download files are owned by siteowner:sitegroup. Also make sure that the scripts are owned by siteowner:sitegroup.

Files which are only included by scripts need only read permission for the script owner. This means include-only files (e.g. db_inc.php) can be set to chmod 640. This protects against scripts that read the directory / file structure. Directories containing only include files can be set to chmod 711, which offers more protection.
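
The ownership and permission rules above can be checked with a small script. This is an added example, not part of the original wiki page; the function names and the sample layout (htdocs/inc, htdocs/upload) are assumptions.

```sh
#!/bin/sh
# Added example, not from the original wiki page. Function names and the
# sample tree layout (htdocs/inc, htdocs/upload) are assumptions.

# audit_suphp_tree DOCROOT OWNER GROUP INCDIR
# Prints one finding per line. Returns 0 if the tree is clean, 1 otherwise.
audit_suphp_tree() {
    docroot=$1 owner=$2 group=$3 incdir=$4
    findings=$(
        # Directories and scripts must belong to siteowner:sitegroup.
        # php.ini is deliberately not matched: it may be owned by root:root.
        find "$docroot" \( -type d -o -name '*.php' \) \
            \( ! -user "$owner" -o ! -group "$group" \) -print |
            sed 's/^/OWNER /'
        # Include-only files should be exactly 640.
        find "$incdir" -type f ! -perm 640 -print | sed 's/^/MODE640 /'
        # Directories holding only include files should be exactly 711.
        find "$incdir" -type d ! -perm 711 -print | sed 's/^/MODE711 /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a constructed sample site under $1. One include file is left at 644
# on purpose, so the audit has something to report.
make_sample_site() {
    mkdir -p "$1/htdocs/upload" "$1/htdocs/inc"
    : > "$1/htdocs/index.php"
    : > "$1/htdocs/inc/db_inc.php"
    : > "$1/htdocs/inc/mail_inc.php"
    chmod 640 "$1/htdocs/inc/db_inc.php"
    chmod 644 "$1/htdocs/inc/mail_inc.php"
    chmod 711 "$1/htdocs/inc"
}

# Usage: sh audit.sh DOCROOT siteowner sitegroup INCDIR
if [ "$#" -eq 4 ]; then audit_suphp_tree "$@"; fi
```

Run it as root or as the site owner, since a 711 directory cannot be listed by other users.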

To enable register_globals or change other php_flags, you have to insert

<Directory /path/to/DocumentRoot>
       AllowOverride Options AuthConfig
       suPHP_ConfigPath /path/to/DocumentRoot/
</Directory>

in the config. /path/to/DocumentRoot/php.ini has the following lines changed (it is a copy of /etc/php4/cgi/php.ini):

register_globals = On
magic_quotes_gpc = Off

Do NOT include php.ini in the suPHP_ConfigPath line; if you do, you only change the settings for that specific directory, and not recursively for all the directories below the one specified in <Directory ...>!

The php.ini can be owned by root:root, but it has to be somewhere in the virtualhost site structure.

This is unlike the mod_php version, where you can do it all in the virtualhost setup, like:

<Directory /path/to/DocumentRoot>
       AllowOverride Options AuthConfig
       php_flag register_globals on
       php_flag magic_quotes_gpc off
</Directory>


To disable mod_suPHP for a specific site and get mod_php to work for that site, change the virtualhost section:

<VirtualHost>

 suPHP_Engine off
 RemoveHandler .php
 ....

</VirtualHost>

Also remove the suPHP_ConfigPath directive from the <Directory> section.