1

I am running a site with a WordPress CMS. I tried to install W3 Total Cache to speed up the site files, but I didn't know which opcode to pick (I am on a VPS), so I put a support ticket in with my host. The host came back telling me the following:

APC is not available on your VPS. Your VPS is running PHP with SuPHP, so the APC will not work with it. 

> ====================================================
> -bash-3.1# hostname server.xxxxx.com
> -bash-3.1# /usr/local/cpanel/bin/rebuild_phpconf --current Available handlers: suphp dso cgi none DEFAULT PHP: 5 PHP4 SAPI: none PHP5 SAPI:
> suphp SUEXEC: enabled RUID2: not installed
> bash-3.1#
> ====================================================

The suPHP is a must as it provides an additional layer of protection on servers. It causes php scripts to run under the account username instead of the user ‘nobody’ which is the user that apache/php would run under on a server that is not running suPHP. This feature allows us to more easily track any potential security breaches that come in via insecure php script(s) that a user is running.

If you still want APC, then we will need to recompile PHP without suphp on your VPS. Please note that some websites scripts may not work with PHP without suphp.

I also run a forum on the site that is handled with vBulletin. Do I need suPHP? Is the tradeoff for speed with caching worth removing it? I am not a sysadmin but I read that suphp is mostly recommended when on a shared server.

user9517
  • 115,471
  • 20
  • 215
  • 297
Nick
  • 113
  • 5

2 Answers2

3

are you the only user on the server? Do you host for other people/accounts? Can people upload php scripts to be run on your server?

If the answer any of the above is Yes, then using something SuPHP is recommended, since it offers an extra layer of protection by forcing it to run as the user, as opposed to the user the webserver runs as. If you remove su php, all directories and files that need to be read y php will need to be either be owned or writable by your webserver user (normally nobody or apache or httpd). This also leads to people doing things like setting world readable | writeable (IE mode 777) on directories so the web server can read/write into them. If you are the only person/company that uses the web hosting on your VPS, then this isn't too much of an issue. But if you have other people that can access the server, they can use PHP to browse through these directories via the web and expose information, etc... So you will need to take that into account.

Doon
  • 1,441
  • 9
  • 9
  • Sorry about the late response just found this after it moved to Serverfault. The server is a VPS, so I think it's logically separate, and #2 and #3 are both NO. Thanks for the info. – Nick Nov 27 '12 at 20:43
2

It appears that your VPS was preinstalled with various scripts which are useful for providing shared web hosting services. Among these are cPanel and suPHP.

While these can be convenient to use, if you aren't actually providing shared web hosting and you're the only person using the machine, then they're mostly redundant and unnecessary.

SuPHP, in particular, is designed to isolate users from each other in a shared hosting environment. If you're the only person hosting a site there, then it's superfluous; you can simply set permissions to whatever your applications may require.

If you're willing to learn the basics of setting up Linux, Apache and so on, you can probably also get rid of the cPanel license and save a few bucks.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972