We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

[Solved] modX 1.0 with suPHP....?

    • 6998
    • 25 Posts
    delorean88 Reply #1, 14 years, 8 months ago
    Is there anything special besides changing permissions of directories and scripts that I need to do to use modX with suPHP?

    I read through the "Securing your site" wiki article, but (it even asks at the top) is that still valid for 1.0?

    I installed it on a server without suPHP, then got it moved to one with suPHP for security reasons. Will that cause any problems?

    (I’m a newb to all of this, if you can’t tell).

    Thank you, your time is greatly appreciated!
    • sottwell Reply #2, 14 years, 8 months ago
      There shouldn’t be any problems. It’s just a matter of determining what permissions your server is configured to require for files and directories.

      All suPHP does is s-witch the u-ser of the script process to the owner of the script; since you installed it as your FTP (or ssh) user, that’s the user it will run as. As soon as your web server is asked to run a .php file, it will hand it over to the PHP engine which determines who the owner is, and switches user while processing that .php file. This way the file and the directory it’s in don’t have to be readable or writable by "everybody", as it normally does if a .php script wants to write a file, such as the cache files or image thumbnails.

      Some servers require specific permissions for suPHP, others don’t. When I have the choice, I prefer to have as little permission as possible; on shared servers with this option I’ll set all the core files to read-only for owner, no permissions at all for "group" or "others". Your server configuration may require read + write for owner, read-only for group and others.
        Studying MODX in the desert - http://sottwell.com
        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
        Join the Slack Community - http://modx.org
        • 6998
        • 25 Posts
        delorean88 Reply #3, 14 years, 8 months ago
        Thank you so much, you’re extremely helpful! (but I bet you knew that) wink

        To be clear, do I need to make changes to the php files like it says in "Securing your site"?
        • sottwell Reply #4, 14 years, 8 months ago
          A link to the article in question would be helpful; there are getting to be too many wikis and blogs and articles to be sure of which one you are referring to.
            Studying MODX in the desert - http://sottwell.com
            Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
            Join the Slack Community - http://modx.org
            • 6998
            • 25 Posts
            delorean88 Reply #5, 14 years, 8 months ago
            Sorry, here!

            http://wiki.modxcms.com/index.php/Securing_your_site
            • sottwell Reply #6, 14 years, 8 months ago
              It won’t hurt; it would certainly be beneficial for securing the cache files and any other files MODx creates.

              To be honest, I’ve never had a problem with a stock MODx install when I had servers with this. The server itself set the permissions of all newly created files and what the MODx scripts wanted to do was irrelevant. As I mentioned, it all depends on how the server itself is configured.
                Studying MODX in the desert - http://sottwell.com
                Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
                Join the Slack Community - http://modx.org
                • 6998
                • 25 Posts
                delorean88 Reply #7, 14 years, 8 months ago
                Okay, thanks very much!!