Page 1 of 1

LAMPP suphp+suPHP_UserGroup not work?

PostPosted: 17. August 2008 20:08
by WhiteShepherd
I've just downloaded and installed the latest LAMPP (I've used XAMPP WIN32 for years but this is my first time into LAMPP).

I installed my forums software uploaded the MYSQL DB and it ran just fine. I then decided to lock down PHP so I added the directives to the virtualhost:

suPHP_Engine On
suPHP_ConfigPath /pathtoini/
suPHP_UserGroup user groupname (I want forums to run as this linux user/group so if the forums are hacked other folders are more protected).


Problem is when I try to start apache it does not start and I get the error: Invalid command 'suPHP_UserGroup', perhaps misspelled or defined by a module not included in the server configuration

I've also tried loading the directives by themselves and I get the same error.

It's becoming more of a trend on the internet for groups to hack sites just for the entertainment. We've been hit twice now so I'm trying my best to lock LAMPP down as tight as possible (besides just keeping the forum code updated). Any suggestions along those lines are welcome as well.

PostPosted: 17. August 2008 21:40
by glitzi85
What have you done to install suPHP?

glitzi

PostPosted: 21. August 2008 04:54
by WhiteShepherd
Oh geez.. I could of sworn it has suPHP. I have to admit I'm a newbie to Linux. I need to find a way to lock down users to their home directories.

Under Windows XAMPP mod_php I used

php_admin_value doc_root
and
php_admin_value open_basedir

in each virtualhost to lock a user's PHP down to their own directory. Does the PHP installed with LAMPP allow for individual security like this (or better) or do I need to install a application like suphp and set file permissions per user account?

PostPosted: 26. August 2008 10:12
by Nobbie
WhiteShepherd wrote:Does the PHP installed with LAMPP allow for individual security like this (or better)


No, Xampp is ment to be a development tool *not* a productive tool.