CentOS 7上PHP默認(rèn)是以apache或者nobody的身份運(yùn)行的��,這種方式下由于PHP運(yùn)行需要的權(quán)限比較大,會(huì)有安全隱患���,還可能會(huì)受到服務(wù)器其他用戶影響。
通過(guò)phpinfo查看PHP信息如下:
apache運(yùn)行php
可以看出來(lái)���,PHP目前是作為Apache的一部分在運(yùn)行,而不會(huì)為每個(gè)腳本運(yùn)行一個(gè)獨(dú)立進(jìn)程。如果希望PHP腳本運(yùn)行時(shí)是以當(dāng)前用戶的身份而不是Apache,可以通過(guò)部署suPHP來(lái)實(shí)現(xiàn)�����。接下來(lái)介紹如何在CentOS 7上安裝suPHP���。
先配置安裝suphp所需的環(huán)境:
yum -y groupinstall 'Development Tools'
yum -y install apr-devel
yum -y install httpd-devel
下載suphp安裝包:
mkdir temp
cd temp
wget http://suphp.org/download/suphp-0.7.2.tar.gz
tar zxvf suphp-0.7.2.tar.gz
下載并安裝suphp補(bǔ)?����。?/p>
wget -O patchingsuphp.patch https://www.webhostinghero.com/downloads/php/suphp.patch
patch -Np1 -d suphp-0.7.2 < patchingsuphp.patch
cd suphp-0.7.2
autoreconf -if
運(yùn)行./configure:
./configure --prefix=/usr/ --sysconfdir=/etc/ --with-apr=/usr
/bin/apr-1-config --with-apache-user=apache --with-setid-mode=owner
--with-logfile=/var/log/httpd/suphp_log
編譯并安裝:
make
make install
在Apache配置目錄下創(chuàng)建suphp.conf
vi /etc/httpd/conf.d/suphp.conf
并寫入:
LoadModule suphp_module modules/mod_suphp.so
/etc目錄下創(chuàng)建suphp.conf配置文件:
vi /etc/suphp.conf
并寫入配置文件內(nèi)容如下:
[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
如果希望domainname這個(gè)目錄以用戶user身份運(yùn)行,那么修改目錄所有者屬性為user,如下:
chown -R [user].[user] /var/www/html/[domainname]
最后在Apache配置文件中找到相應(yīng)域名��,并開(kāi)啟suphp:
<FilesMatch ".+/.ph(p[345]?|t|tml)$">
SetHandler None
