suPHP is a tool for executing PHP scripts with the permissions of their owners or a program that controls who can access certain files. All scripts executed on the server need to be authorized to run on the server. This is done through the file permissions. For more information on file permissions, please read our article about file permissions.
Since most PHP scripts run with the user “Nobody” this means that the control of the file is directly related to the permissions assigned to the file. Since “Nobody” is not the User or Group member you’d have to open the file permissions to 0777 for read, write, and execute for all categories. This is problematic since you’re now letting users off the server execute files. This gives them the ability to add code to the URL and manipulate the file accordingly. This can give them access to your entire site depending on the file then modify and how it is written.
This is not an ideal method and could pose a security risk. suPHP will stop PHP from running as “Nobody” and make it so the files can only be written by the User allowing better site containment.
Why use suPHP?
The benefit of using suPHP besides better security, is that it will make any PHP applications (most often CMS systems) such as Mambo more user friendly. Case in point: If you upload/install anything via Mambo such as a template on a non-suphp server, then those template files will be owned by ‘nobody’ and the customer will not be able to edit them manually or even delete their account. This ownership issue is done away with suPHP. On a suPHP enabled server, those same template files will be owned by the account username and the account holder will be able to manipulate those files as they see fit.
Furthermore, many third party applications require certain folders to have 777 permissions. 777 permissions mean that the whole world has write access to them. If your website code has a vulnerability in it which hackers could upload files to your account, having 777 will allow them to do so. suPHP does not require 777 permissions, which makes your website more secure. suPHP will also throw an error message if it tries to access any folder with 777 permissions.
All of our servers plans and packages comes with suPHP. However, if you are getting serious about hosting and need a solution above a shared hosting account, our VPS servers have you covered. Read more about what you get with our VPS plans.
If you need further assistance please feel free to contact our support department.