suPHP is a tool for executing PHP scripts with the permissions of their owners or a program that controls who can access certain files. All scripts executed on the server need to be authorized to run on the server. This is done through the file permissions. For more information on file permissions, please read our article about file permissions

Since most PHP scripts run with the user "Nobody" this means that the control of the file is directly related to the permissions assigned to the file. Since "Nobody" is not the User or Group member you'd have to open the file permissions to 0777 for read, write, and execute for all categories. This is problematic since you're now letting users off the server execute files. This gives them the ability to add code to the URL and manipulate the file accordingly. This can give them access to your entire site depending on the file then modify and how it is written.

This is not an ideal method and could pose a security risk. suPHP will stop PHP from running as "Nobody" and make it so the files can only be written by the User allowing better site containment.

Why use suPHP?

The benefit of using suPHP besides better security, is that it will make any PHP applications (most often CMS systems) such as Mambo more user friendly. Case in point: If you upload/install anything via Mambo such as a template on a non-suphp server, then those template files will be owned by ‘nobody’ and the customer will not be able to edit them manually or even delete their account. This ownership issue is done away with suPHP. On a suPHP enabled server, those same template files will be owned by the account username and the account holder will be able to manipulate those files as they see fit.

Furthermore, many third party applications require certain folders to have 777 permissions. 777 permissions mean that the whole world has write access to them. If your website code has a vulnerability in it which hackers could upload files to your account, having 777 will allow them to do so. suPHP does not require 777 permissions, which makes your website more secure. suPHP will also throw an error message if it tries to access any folder with 777 permissions.

Need Hosting?

All of our servers plans and packages comes with suPHP. However, if you are getting serious about hosting and need a solution above a shared hosting account, our VPS servers have you covered. Read more about what you get with our VPS prices.

If you need further assistance please feel free to contact our support department.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
2014-03-24 2:25 pm
Michael Wood

Thank You for your help

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

1 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!