Published March 6th, 2005

suPHP has been around for a while now, but I do not understand why anyone would use it. On their page, it says:

Quote from suPHP Homepage:

suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.

To me, it looks like a bad reimplementation of CGI and suEXEC. Their FAQ isn’t very helpful either. I took a quick look at the source code, and it doesn’t even use mod_cgi or mod_cgid to execute the actual process. mod_cgid does some neat tricks to avoid the overhead of forking when you have a multi-threaded server.

It doesn’t seem to have any advantage over suEXEC. It is even possible to use mod_fcgid to run each FastCGI as a different user, and it would be significantly faster than suPHP. So, my question of the day is, why would anyone use suPHP?
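
The mod_fcgid with suEXEC arrangement mentioned above, as an added configuration sketch that is not from the original post. It uses the current mod_fcgid directive names; the host names, paths, wrapper script and the accounts `sitea` and `siteb` are assumptions.

```apache
# Assumes mod_suexec and mod_fcgid are loaded and that /var/www is the
# document root compiled into the suexec binary (assumption).

<VirtualHost *:80>
    ServerName site-a.example
    DocumentRoot /var/www/site-a/htdocs

    # suEXEC starts this vhost's FastCGI processes as sitea:sitea
    # instead of the Apache service account.
    SuexecUserGroup sitea sitea

    <Directory /var/www/site-a/htdocs>
        Options +ExecCGI
        AddHandler fcgid-script .php
        # Hypothetical wrapper: a two-line shell script that execs php-cgi.
        # suEXEC refuses to run it unless the script and its directory are
        # owned by sitea:sitea, are not writable by group or other, and the
        # script is not setuid or setgid.
        FcgidWrapper /var/www/site-a/fcgi-bin/php-wrapper .php
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName site-b.example
    DocumentRoot /var/www/site-b/htdocs

    # A different account: a script compromised on site-a runs as sitea
    # and cannot write to files that only siteb may modify.
    SuexecUserGroup siteb siteb

    <Directory /var/www/site-b/htdocs>
        Options +ExecCGI
        AddHandler fcgid-script .php
        FcgidWrapper /var/www/site-b/fcgi-bin/php-wrapper .php
        Require all granted
    </Directory>
</VirtualHost>
```

The PHP processes persist between requests, which is where the speed difference against a per-request setuid launch comes from; checking the process list for `php-cgi` owned by `sitea` and `siteb` confirms the separation is in effect.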


Written by Paul Querna, CTO @ ScaleFT. @pquerna