Using SuPHP on a VPS

Nick asked:

I am running a site with a WordPress CMS. I tried to install W3 Total Cache to speed up the site files, but I didn’t know which opcode to pick (I am on a VPS), so I put a support ticket in with my host. The host came back telling me the following:

APC is not available on your VPS. Your VPS is running PHP with SuPHP,
so the APC will not work with it.

> ====================================================
> -bash-3.1# hostname
> -bash-3.1# /usr/local/cpanel/bin/rebuild_phpconf --current Available handlers: suphp dso cgi none DEFAULT PHP: 5 PHP4 SAPI: none PHP5 SAPI:
> suphp SUEXEC: enabled RUID2: not installed
> bash-3.1#
> ==================================================== 

The suPHP is a must as it provides an additional layer of protection
on servers. It causes php scripts to run under the account username
instead of the user ‘nobody’ which is the user that apache/php would
run under on a server that is not running suPHP. This feature allows
us to more easily track any potential security breaches that come in
via insecure php script(s) that a user is running.

If you still want APC, then we will need to recompile PHP without
suphp on your VPS. Please note that some websites scripts may not work
with PHP without suphp.

I also run a forum on the site that is handled with vBulletin. Do I need suPHP? Is the tradeoff for speed with caching worth removing it? I am not a sysadmin but I read that suphp is mostly recommended when on a shared server.

My answer:

It appears that your VPS was preinstalled with various scripts which are useful for providing shared web hosting services. Among these are cPanel and suPHP.

While these can be convenient to use, if you aren’t actually providing shared web hosting and you’re the only person using the machine, then they’re mostly redundant and unnecessary.

SuPHP, in particular, is designed to isolate users from each other in a shared hosting environment. If you’re the only person hosting a site there, then it’s superfluous; you can simply set permissions to whatever your applications may require.

If you’re willing to learn the basics of setting up Linux, Apache and so on, you can probably also get rid of the cPanel license and save a few bucks.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.