We at YIPL have the usual LAMP stack running on a Ubuntu 8.10 server, which also acts like a Desktop without much performance hassle. The LAMP stack we have had for the past one year had PHP running as mod_php. This setup is pretty easy without much configuration changes to what came in by default.

• Originally, Apache ran as www-data with limited access to anywhere else.
• The default folder was /var/www with 777 permission settings to get rid of any possible permission headache.
• PHP ran as mod_php

The system just worked, setup samba serve /var/www as nobody:nogroup and anyone can add / delete / edit files in the share and easily access it through http://servername/application name.

The limitations started popping with permissions. In the beginning it was easy to ignore them all and just ssh into it and change the permission to 777 for any file that caused the error. Easy quick fix that is until we recently tried to migrate everything to git.

Git is a really nice DVCS and we've been pretty happy to use it on couple of our projects. Each developer can have one instance of any web application run on their local machine and quickly sync it with codebase of other devs. The problem was when we tried to deploy any web application on the webserver. We originally wanted to run a copy of the application run on /var/www/appfolder but then we should be able to regularly checkout changes and make quick tweaks on it and save changes.

Once the webapp was deployed on the test bed, the original files had one permission and any new files created by web server belonged to another user altogether. So there was numerous problems getting it to play well with git. That aside, permissions were a daunting task for anyone new to console.

I finally managed to get some time today and setup a mix of suPHP Apache and Userdir on my virtualbox machine. The final setup seems a lot easier to use for any user with minimum permission hassle. I personally do not know how secure it is on a production environment but it should do the job in our server.

Install apache suphp mysql and php-mysql module

$ sudo apt-get install apache2 libapache2-mod-suphp php5-mysql mysql-server

What suPHP does is it checks the owner of any php file and runs the script through that user. So our setup is to get php working on any user's home dir with his / her own ownership.

Enable userdir module in apache

$ a2enmod userdir
$ sudo /etc/init.d/apache2 restart

Create public_html in the home folder and create a sample text file

$ mkdir ~/public_html
$ echo "My Home Dir" > ~/public_html/index.html

If you browse http://localhost/~bibek/ , you should be greeted with a page saying My Home Dir. If you try it with a php file, you will hit with "Internal Server Error". This is because we are yet to configure suphp config options.

Edit /etc/suphp/suphp.conf file and make following changes

$ gksudo gedit /etc/suphp/suphp.conf

Change

docroot=/
 
allow_file_group_writeable=true
allow_file_others_writeable=true
allow_directory_group_writeable=true
allow_directory_others_writeable=true
 
check_vhost_docroot=false

These above settings might have severe security consequences when used in public production environment. So i strongly suggest to go through suPHP manuals. Once saved, you should be able to run any .php file.

Note that since suPHP runs as mod-cgi, its performance is 4 to 5 times less than mod-php but that wouldn't matter in a small office.

The benefit of this configuration is now, any user can ssh into the server (WinSCP for Windows Devs) and through files into HOMEDIR/public_html and run it as the same user and yet sync it with git.

Running suPHP has its own limitations. The most common of them also with permission. Internet Server Error occurs frequently as one has to make sure that the directory permissions are set properly. In case you hit with Internet Server Error with any file insider a folder, chmod it to 755.

Also mod_rewrite will need some RewriteBase love.

Cheers