Apr\u00e8s l’installation et le d\u00e9ploiement de ces modules de s\u00e9curit\u00e9, la configuration de PHP5 sur le serveur web exploitera le fichier de configuration php.ini CGI.<\/p>\n
Dans un premier temps, installer les modules concern\u00e9s :<\/p>\n
[bash]&lt;\/p&gt;<br \/>
\n&lt;p&gt;root@ubuntu:\/# apt-get install apache2-suexec&lt;br \/&gt;<br \/>
\nroot@ubuntu:\/# apt-get install apache2-suexec-custom&lt;br \/&gt;<br \/>
\nroot@ubuntu:\/# apt-get install libapache2-mod-suphp&lt;\/p&gt;<br \/>
\n&lt;p&gt;[\/bash]<\/p>\n
Pour la configuration de ceux-ci, consid\u00e9rons que tous les sites clients vont se trouver dans “\/var\/www\/<SITE>\/”, et que chaque r\u00e9pertoire propre \u00e0 un site disposera des r\u00e9pertoires “httpdocs” pour le contenu du site en lui m\u00eame et “log” pour la journalisation.<\/p>\n
Modification de “\/etc\/apache2\/suexec\/www-data”. On indique le r\u00e9pertoire racine de tous les site dans ce fichier, puis le r\u00e9pertoire contenant les fichiers de chaque site (httpdocs).<\/p>\n
[bash]&lt;\/p&gt;<br \/>
\n&lt;p&gt;root@ubuntu:\/var\/www\/monsite\/httpdocs# cat \/etc\/apache2\/suexec\/www-data&lt;br \/&gt;<br \/>
\n\/var\/www&lt;br \/&gt;<br \/>
\nhttpdocs&lt;br \/&gt;<br \/>
\n# The first two lines contain the suexec document root and the suexec userdir&lt;br \/&gt;<br \/>
\n# suffix. If one of them is disabled by prepending a # character, suexec will&lt;br \/&gt;<br \/>
\n# refuse the corresponding type of request.&lt;br \/&gt;<br \/>
\n# This config file is only used by the apache2-suexec-custom package. See the&lt;br \/&gt;<br \/>
\n# suexec man page included in the package for more details.&lt;\/p&gt;<br \/>
\n&lt;p&gt;[\/bash]<\/p>\n
Pour la configuration de “suphp”, il est n\u00e9cessaire de connaitre l’uid et le gid minimum d’ex\u00e9cution des scripts web. Il est conseill\u00e9 d’indiquer ceux de l’utilisateur par d\u00e9faut “www-data” (33 ou 100 g\u00e9n\u00e9ralement) que l’on peut r\u00e9cup\u00e9rer via la commande:<\/p>\n
[bash]&lt;\/p&gt;<br \/>
\n&lt;p&gt;root@ubuntu:\/# id www-data&lt;br \/&gt;<br \/>
\nuid=33(www-data) gid=33(www-data) groupes=33(www-data)&lt;\/p&gt;<br \/>
\n&lt;p&gt;[\/bash]<\/p>\n
Configuration du fichier “\/etc\/suphp\/suphp.conf” :<\/p>\n
[bash]&lt;\/p&gt;<br \/>
\n&lt;p&gt;[root@[dedix chrooted]:\/]$ cat \/etc\/suphp\/suphp.conf&lt;br \/&gt;<br \/>
\n[global]&lt;br \/&gt;<br \/>
\n;Path to logfile&lt;br \/&gt;<br \/>
\nlogfile=\/var\/log\/suphp\/suphp.log&lt;\/p&gt;<br \/>
\n&lt;p&gt;;Loglevel&lt;br \/&gt;<br \/>
\nloglevel=info&lt;\/p&gt;<br \/>
\n&lt;p&gt;;User Apache is running as&lt;br \/&gt;<br \/>
\nwebserver_user=www-data&lt;\/p&gt;<br \/>
\n&lt;p&gt;;Path all scripts have to be in&lt;br \/&gt;<br \/>
\ndocroot=\/var\/www:${HOME}\/httpdocs:\/usr\/share&lt;\/p&gt;<br \/>
\n&lt;p&gt;;Path to chroot() to before executing script&lt;br \/&gt;<br \/>
\n;chroot=\/mychroot&lt;\/p&gt;<br \/>
\n&lt;p&gt;; Security options&lt;br \/&gt;<br \/>
\nallow_file_group_writeable=false&lt;br \/&gt;<br \/>
\nallow_file_others_writeable=false&lt;br \/&gt;<br \/>
\nallow_directory_group_writeable=false&lt;br \/&gt;<br \/>
\nallow_directory_others_writeable=false&lt;\/p&gt;<br \/>
\n&lt;p&gt;;Check wheter script is within DOCUMENT_ROOT&lt;br \/&gt;<br \/>
\ncheck_vhost_docroot=false&lt;\/p&gt;<br \/>
\n&lt;p&gt;;Send minor error messages to browser&lt;br \/&gt;<br \/>
\nerrors_to_browser=false&lt;\/p&gt;<br \/>
\n&lt;p&gt;;PATH environment variable&lt;br \/&gt;<br \/>
\nenv_path=\/bin:\/usr\/bin&lt;\/p&gt;<br \/>
\n&lt;p&gt;;Umask to set, specify in octal notation&lt;br \/&gt;<br \/>
\numask=0022&lt;\/p&gt;<br \/>
\n&lt;p&gt;; Minimum UID&lt;br \/&gt;<br \/>
\nmin_uid=33&lt;\/p&gt;<br \/>
\n&lt;p&gt;; Minimum GID&lt;br \/&gt;<br \/>
\nmin_gid=33&lt;\/p&gt;<br \/>
\n&lt;p&gt;[handlers]&lt;br \/&gt;<br \/>
\n;Handler for php-scripts&lt;br \/&gt;<br \/>
\napplication\/x-httpd-suphp=&amp;quot;php:\/usr\/bin\/php-cgi&amp;quot;&lt;\/p&gt;<br \/>
\n&lt;p&gt;;Handler for CGI-scripts&lt;br \/&gt;<br \/>
\nx-suphp-cgi=&amp;quot;execute:!self&amp;quot;&lt;\/p&gt;<br \/>
\n&lt;p&gt;[\/bash]<\/p>\n
Ajouter les chemins d’acc\u00e8s aux scripts, notamment “\/usr\/share” s’il y a une installation de phpMyAdmin<\/a> :<\/p>\n [bash]&lt;\/p&gt;<br \/> D\u00e9sactiver la v\u00e9rification des racines des “vhost” :<\/p>\n [bash]&lt;\/p&gt;<br \/> Enfin, r\u00e9gler convenablement l’uid\/gid minimum avec celui du compte “www-data”; ainsi que l’umask par d\u00e9faut “0022”.<\/p>\n Pour laisser la main au module suPHP et suEXEC, la d\u00e9sactivation du module PHP5 est requise. suEXEC exploitera le fichier de configuration “\/etc\/php5\/cgi\/php.ini” \u00e0 l’avenir :<\/p>\n [bash]&lt;\/p&gt;<br \/> Il ne reste plus qu’\u00e0 d\u00e9ployer chacun des sites dans “\/var\/www”. Chaque site n\u00e9cessite la cr\u00e9ation d’un nouvel utilisateur\/groupe\/home qui lui est propre ! Ainsi “\/var\/www\/” ne doit pas d\u00e9j\u00e0 contenir de r\u00e9pertoire pour un site.<\/p>\n [bash]&lt;\/p&gt;<br \/>
\n&lt;p&gt;;Path all scripts have to be in&lt;br \/&gt;<br \/>
\ndocroot=\/var\/www:${HOME}\/httpdocs:\/usr\/share&lt;\/p&gt;<br \/>
\n&lt;p&gt;[\/bash]<\/p>\n
\n&lt;p&gt;;Check wheter script is within DOCUMENT_ROOT&lt;br \/&gt;<br \/>
\ncheck_vhost_docroot=false&lt;\/p&gt;<br \/>
\n&lt;p&gt;[\/bash]<\/p>\n
\n&lt;p&gt;root@ubuntu:\/# a2dismod php5&lt;br \/&gt;<br \/>
\nroot@ubuntu:\/# a2enmod suexec&lt;br \/&gt;<br \/>
\nroot@ubuntu:\/# a2enmod suphp&lt;\/p&gt;<br \/>
\n&lt;p&gt;[\/bash]<\/p>\n
\n&lt;p&gt;root@ubuntu:\/var\/www# useradd –home \/var\/www\/monsite\/ –create-home monsite&lt;br \/&gt;<br \/>
\nroot@ubuntu:\/var\/www# mkdir -p monsite\/httpdocs&lt;br \/&gt;<br \/>
\nroot@ubuntu:\/var\/www# mkdir -p monsite\/log&lt;\/p&gt;<br \/>
\n&lt;p&gt;[\/bash]<\/p>\n
![\"V\u00e9rification](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/su1-300x281.png\" "\\"V\u00e9rification")
<\/a>