通常状态下PHP是以httpd.conf里设定的User身份的权限来运行的,一般默认为apache,httpd等等。有时会遇到权限的问题,可以用perl去写一个cgi script来操作,对于PHP比较熟悉也可以用php来写,然后用suPHP这个工具来使其以php文件属主的身份来运行它。

suPHP包括一个Apache的模块(mod_suphp)和一个setuid-root的suphp命令。由于suphp这个命令是 setuid-root了的,所以还是有一定风险,尽管作者称到现在还没有发现任何bug。(“Although I currently don’t know any bug in suPHP I can’t guarantee that there aren’t any.”;)

FC4 (Apache 2.0.54 / PHP 4.4.1)下安装配置如下:
下载最新的 suPHP 0.6.1,解压缩,进入suphp-0.6.1目录:
./configure –prefix=/usr –with-apxs=/usr/sbin/apxs –sysconfdir=/etc/httpd/conf –with-apache-user=apache –with-setid-mode=owner
make
make install———-
配置文件/etc/httpd/conf/suphp.conf:
———-
[global]
;Path to logfile
logfile=/var/log/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=0

; Minimum GID
min_gid=0

[handlers]
;Handler for php-scripts
x-httpd-php=php:/usr/bin/php-cgi

;Handler for CGI-scripts
x-suphp-cgi=execute:!self

———-
配置文件/etc/httpd/conf/httpd.conf:
———-

LoadModule suphp_module modules/mod_suphp.so

#在suphp这个目录测试一下
<Directory /web/document/root/suphp>
<IfModule mod_suphp.c>
suPHP_Engine on
suPHP_ConfigPath /etc
suPHP_AddHandler x-httpd-php
AddHandler x-httpd-php .php
</IfModule>
</Directory>

在 /web/document/root/suphp 目录下写个 test_suphp.php 试试:
<?php
`touch /root/testsuphp`;
$output = `ls -l /root`;
echo “<pre>$output</pre>”;
?>