Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By rolygate on
Normally you get suPHP or you don't. Doesn't seem to make a lot of difference to Drupal but it might when installing plugins I guess.
We have an unmanaged dedibox with no suPHP. The host wants to install suPHP as it will make backups easier.
Anyone know if there are any issues with bunging that in on top of an existing Drupal 5x install?
Comments
There will be a benefit for
There will be a benefit for convenience and security (files and directories created by the server, such as uploads, will be owned by your own account and not by the server -- easier to handle), at the cost of somehow worse performance.
I wouldn't recommend suPHP on a dedicated server
If you have a dedicated server, you don't need it to protect your files from other users/sites on the server as there aren't any.
And if you do use it, Apache now runs with the permissions of the file owner. This generally allows the website to overwrite it's own files.
So you get the main security risk of suPHP without the main security benefit.
Yeah, agreed, it may not be a
Yeah, agreed, it may not be a great idea..... depending.
But we don't have a choice, the hosts are doing it to ensure the backups get all the files. According to them, some risk being dropped because of the ownership issues. This came about because cPanel have just changed their software, and some file backups crashed.
Anyway - all we need to worry about is if this will crash Drupal for some reason. I don't see how it can but who knows, maybe someone knows better.
An unmanaged server? :)
I would've thought backups would be your responsibility on an unmanaged server ;)
Is there any way you can run a local backup script (as root) that then puts the backups elsewhere or at least somewhere they can pick up? A backup as root can then backup all sorts of stuff and allow you to restore the whole server (including all system file ownerships and permissions etc) in one hit.
But yeah, Drupal does run fine under suPHP/suExec type solutions - lots of shared hosts do that.
Agree ''you get the main security risk of suPHP without benefit"
@styro wrote:
That's my precise concern at the moment. See also my remarks under (closed) Security Review » Issues: Impossible for somephp configurations to pass the test for file system permissions concerning the now common combination of CentOS + suPHP on VPS setups.
Webel IT Australia, "Elements of the Web", Scientific IT Consultancy,
For PHP-driven Drupal CMS web sites, Enterprise Java, graphical UML, UML Parsing Analysis, SysML, XML.
I agree, it's probably not necessary...
... but if you're forced to live with it, here's the best info I've seen: http://www.joomlatutorials.com/joomla-tips-and-tricks/40-miscellaneous-j... . It's mostly just a matter of changing permissions: