Discussion:
suphp thing
Martin Ambrož
2007-09-16 14:29:43 UTC
Permalink
Hello everyone,

When someone needs a bit more secure system (and still keep PHP there),
he will start using suphp, that will run PHP script under owner of PHP
script and there is place where problem starts. All web applications are
getting installed as root:root and there is a must of recursively
changing owner in whole application directory on every upgrade.

My suggestion is to install all webapps as unprivileged user with
current webserver group, it's not breaking any functionality of
applications and it's making upgrades for suphp users easier.

thank you for reading this
Dusty Wilson
2007-09-16 17:43:25 UTC
Permalink
Post by Martin Ambrož
Hello everyone,
When someone needs a bit more secure system (and still keep PHP there),
he will start using suphp, that will run PHP script under owner of PHP
script and there is place where problem starts. All web applications are
getting installed as root:root and there is a must of recursively
changing owner in whole application directory on every upgrade.
My suggestion is to install all webapps as unprivileged user with
current webserver group, it's not breaking any functionality of
applications and it's making upgrades for suphp users easier.
What's the difference between running with suphp with a standard
unprivileged user and running without suphp and running the scripts instead
with the www-data user? Either way, the script has access to everything the
www-data user has access to or whatever the dummy user is. The only way I
see this being helpful is if each application is running as its own user
individually.

thank you for reading this


Thank you for writing this. It's a good topic and I hope I learn something
if I'm wrong.

Dusty
Martin Ambrož
2007-09-16 21:03:50 UTC
Permalink
Post by Dusty Wilson
What's the difference between running with suphp with a standard
unprivileged user and running without suphp and running the scripts
instead with the www-data user? Either way, the script has access to
everything the www-data user has access to or whatever the dummy user
is. The only way I see this being helpful is if each application is
running as its own user individually.
Provides security. Scripts aren't run as webserver user so when you have
safe_mode turned off (or someone finds way to go around this) he can
read anything what webserver user owns.

suPHP is often presented as not suitable solution for masshosting
because of poor performance (around 9 times slower than mod_php), but I
tested it recently on medium sized hosting and it's beautiful solution
for masshosting security and when you need better performance there is
nothing else than providing FastCGI for special websites.

Let's believe there will be something secure and fast like FastCGI what
consumes less memory.

P.S.: right, web applications can run as www-data when there is suPHP
turned off but they aren't isolated then from each other.
Dusty Wilson
2007-09-16 21:28:25 UTC
Permalink
Post by Martin Ambrož
Post by Dusty Wilson
What's the difference between running with suphp with a standard
unprivileged user and running without suphp and running the scripts
instead with the www-data user? Either way, the script has access to
everything the www-data user has access to or whatever the dummy user
is. The only way I see this being helpful is if each application is
running as its own user individually.
Provides security. Scripts aren't run as webserver user so when you have
safe_mode turned off (or someone finds way to go around this) he can
read anything what webserver user owns.
suPHP is often presented as not suitable solution for masshosting
because of poor performance (around 9 times slower than mod_php), but I
tested it recently on medium sized hosting and it's beautiful solution
for masshosting security and when you need better performance there is
nothing else than providing FastCGI for special websites.
Let's believe there will be something secure and fast like FastCGI what
consumes less memory.
P.S.: right, web applications can run as www-data when there is suPHP
turned off but they aren't isolated then from each other.
Are you suggesting that each application would have its own user? I think
that's the only way what you're suggesting would be useful.
Martin Ambrož
2007-09-16 22:03:48 UTC
Permalink
Post by Dusty Wilson
Are you suggesting that each application would have its own user?
Yes, every web application will have own user. I think it's not going to
break anything, but it's against Debian policy to install all
applications as root by default. This case should be probably threatened
differently, let's see what people say on this.
Martin Ambrož
2007-09-17 00:31:26 UTC
Permalink
ideally though, a package should be able to be changed after installation to
fit with this method (i.e. changing permissions on config files and data
directories via dpkg-statoverride etc).
ty Sean, dpkg-statoverride looks like perfect Debian way to solve this
problem with mass updates. I should browse Debian utils more from now

Thanks everyone, seems there is no need to do anything since way for
permission override like this exists.
FYI I use apache2-mpm-itk package to run each webapp with a
different user. You just put "AssignUserID <user> <group>" in
your VirtualHost file and that's OK. I think it's the best way
to have easy and secure masshosting.
I don't know, what is better, to let Apache spawn php processes or to let
spawn one Apache thread for a single image when lot of people are accessing
different websites simultaneously If this will be handled differently in
future, I'll move there. Please correct me if I'm wrong.

Solution to provide 2 web servers with requests directed with for example
proxy was not accepted when I provided this idea to my co-worker last time,
but the problem is. I don't remember right now why, I'll ask him tomorrow
about this (today)
Gregory Colpart
2007-09-16 23:46:10 UTC
Permalink
Hello,
Post by Martin Ambrož
Provides security. Scripts aren't run as webserver user so when you have
safe_mode turned off (or someone finds way to go around this) he can
read anything what webserver user owns.
suPHP is often presented as not suitable solution for masshosting
because of poor performance (around 9 times slower than mod_php), but I
tested it recently on medium sized hosting and it's beautiful solution
for masshosting security and when you need better performance there is
nothing else than providing FastCGI for special websites.
Let's believe there will be something secure and fast like FastCGI what
consumes less memory.
P.S.: right, web applications can run as www-data when there is suPHP
turned off but they aren't isolated then from each other.
FYI I use apache2-mpm-itk package to run each webapp with a
different user. You just put "AssignUserID <user> <group>" in
your VirtualHost file and that's OK. I think it's the best way
to have easy and secure masshosting.

Regards,
--
Gregory Colpart <***@evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
--
To UNSUBSCRIBE, email to debian-webapps-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Michelle Konzack
2007-09-18 13:26:24 UTC
Permalink
Post by Dusty Wilson
What's the difference between running with suphp with a standard
unprivileged user and running without suphp and running the scripts instead
with the www-data user? Either way, the script has access to everything the
www-data can not wirite to $USER homes.

I have setup my VHosts (Apache) to run as seperated $USER which mean,
each $VHOST is a unpriviliged user..

Thanks, Greetings and nice Day
Michelle Konzack
Tamay Dogan Network
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSN LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Continue reading on narkive:
Loading...