I have setup a CentOS server for hosting numerous websites and projects. I have decent experience with Linux, Apache, PHP, etc however I have always been used to setting it up for a single user. I have successfully setup Apache with a userdir and Virtual Host configuration however I am having issue with permissions. A lot of the websites and php applications running do not function properly because they do not have permission to write to directories and files in their own folders. Unless I set apache as the owner of the files, they won't function properly. I have tried changing the group to Apache and giving group permissions to write (775) however it didn't solve my issue either.
I have done alot of research and I'm wondering if there's anyone out there who can give me a simple answer to how apache is supposed to be setup for a multi-user web server. I have recently discovered suPHP but I'm not sure if that would be the proper solution or not. Please give any advice possible to setting up this web server so that the users don't have to worry about permissions errors.
suPHP will do the job as it will make PHP write as the user and give the user permissions as if it was FTP. However, suPHP is slow. Look in to php via fastcgi, or php-fpm . (starting with php 5.3.3 and above for php-fpm). Usually php-fpm is done with nginx, but you can do it with apache.
After that, for shared hosting permissions should never be world write and files should always be owned by the hosting account user and not apache/nobody/httpd. Folders should be 755 and files 644 or 755 if they need execute for some reason. (PHP doesn't need 755).
-Steven | u2-web, LLC - Clustered Shared Hosting "It is the mark of an educated mind to be able to entertain a thought without accepting it" -Aristotle
I have installed and configured FCGI successfully and php applications now run under the appropriate user, avoiding all permissions errors. It took a few days due to myself having no experience with this before but it seems to be running good now. I've had to work around a few internal server errors but it seems that it was just a few parameters in the httpd config that needed tweaking.
Thanks for the prompt and informative replies, I appreciate it.