Sunday, February 8, 2009, 9:36pm
I use suPHP for security reasons where applicable. Today, I ran into a situation where my Linux distro's package manager installed a php script, but did so in /usr/share/something, which is fine because a quick symlink of ln -s /usr/share/something /home/sitenamedotcom/web/something took care of the issue. (Yes, I keep my sites in /home/sitenamedotcom.) But this won't work at all since this is /usr/share/anything is way outside the docroot that suPHP is configured with.
But wait, suPHP supports multiple docroots as of the December 2008 suPHP 0.7.0 release, awesome. But none of that matters since my distro doesn't have this version. Sure, they will soon, since they're aware of the issue, but given I tend to jump from their long term support releases which come out every two years (as to avoid getting sucked into a six month cycle where it feels like all I do is update operating systems and spend time fixing the configuration that broke) it looks like I'm stuck without this for about 18 months.
Don't get me wrong, I completely understand why things are done the way they are. But switching to a packaged program as opposed to subscribing to yet another security list and keeping things up to date myself was supposed to make my life easier. Sigh.
Oh and if you're going to go ahead with this anyhow, the default suPHP configuration has check_vhost_docroot set to true. You'll need to set that to false or your error.log will be littered with lots of foo is not in document root of Vhost of bar errors.