Hi-

Can anyone recommend a resource for learning to administrate PHP? Or can someone give a little guidance as to what subjects should be understood to adminstrate php properly? I don't currently offer PHP, because I don't feel confident of what is required to keep PHP happy and running.

I am comfortable w/ apache installation, configuration, and installation, and am familiar w/ PHP programming... that's not an issue. Just don't know where to learn how to configure and maintain it.

Thanks in advance!
Jake

There is really not much to administer in PHP. It's just an Apache module.

The real choices are how you configure/build PHP. That will be totally determined by your needs. For example, if you are doing hosting you'll prob. want safe_mode enabled. If you're doing dynamic graphic generation, you'll want jpg or png support etc.

Frank

The thing to watch out for with PHP (or any server-side scripting or even CGI) is whether customer #1 can write a script which can read/modify/delete Customer #2's website. Even read access is dangerous because poor Customer #2 probably has their mysql password in a file somewhere, allowing customer #1 to connect and delete their data.

(safe_mode helps with this, but is a pain in the rear for customers)

Originally posted by magnafix
The thing to watch out for with PHP (or any server-side scripting or even CGI) is whether customer #1 can write a script which can read/modify/delete Customer #2's website. Even read access is dangerous because poor Customer #2 probably has their mysql password in a file somewhere, allowing customer #1 to connect and delete their data.

(safe_mode helps with this, but is a pain in the rear for customers)

The only way to really achieve this with Apache 1.3.x is to have PHP running as a CGI.

proper use of file system permissions, and apaches SUEXEC feature can allow you to safly disable php's safe_mode function.

Ah yes, the PHP file permissions security puzzle. How do you have a file that is readable by Apache but not another person's CGI script or PHP page? There's a few threads on this... here's one:

http://www.webhostingtalk.com/showthread.php?threadid=26266

After coming to grips with the hassles of PHP's 'safe mode' (particularly with regards to file uploads and any file manipulation), our solution involved a kernel module (to eliminate the #!/usr/local/bin/php line), a custom apache module (based on Licoln Stein's Sbox program for user-switching, chrooting and resource limitation), PHP running as CGI, and user-configurable php.ini files. Customer PHP scripts now run as their user in a chrooted environment, just like their shell or FTP. Whew!

:cool: