通常状态下PHP是以httpd.conf里设定的User身份的权限来运行的,一般默认为apache,httpd等等。有时会遇到权限的问题,可以用perl去写一个cgi script来操作,对于PHP比较熟悉也可以用php来写,然后用suPHP这个工具来使其以php文件属主的身份来运行它。
suPHP包括一个Apache的模块(mod_suphp)和一个setuid-root的suphp命令。由于suphp这个命令是 setuid-root了的,所以还是有一定风险,尽管作者称到现在还没有发现任何bug。(“Although I currently don’t know any bug in suPHP I can’t guarantee that there aren’t any.”
FC4 (Apache 2.0.54 / PHP 4.4.1)下安装配置如下:
下载最新的 suPHP 0.6.1,解压缩,进入suphp-0.6.1目录:
./configure –prefix=/usr –with-apxs=/usr/sbin/apxs –sysconfdir=/etc/httpd/conf –with-apache-user=apache –with-setid-mode=owner
make
make install———-
配置文件/etc/httpd/conf/suphp.conf:
———-
[global]
;Path to logfile
logfile=/var/log/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=0
; Minimum GID
min_gid=0
[handlers]
;Handler for php-scripts
x-httpd-php=php:/usr/bin/php-cgi
;Handler for CGI-scripts
x-suphp-cgi=execute:!self
———-
配置文件/etc/httpd/conf/httpd.conf:
———-
…
LoadModule suphp_module modules/mod_suphp.so
…
#在suphp这个目录测试一下
suPHP_Engine on
suPHP_ConfigPath /etc
suPHP_AddHandler x-httpd-php
AddHandler x-httpd-php .php
…
在 /web/document/root/suphp 目录下写个 test_suphp.php 试试:
`touch /root/testsuphp`;
$output = `ls -l /root`;
echo “
$output”;
?>