UserDirectoryPHP
Purpose
When completed, this procedure allows users to securely run PHP files from ~/public_html/ to manipulate their own files.
Procedure
Do not use the method in the Old Procedure section for setting up PHP interpretation in users' home directories -- the old procedure uses an insecure and performance-wasting method for achieving this goal. If all you are seeking is to enable PHP scripts in users' personal public_html directories, simply do the following:
sudo apt-get install php5 sudo a2enmod php5
If you're using the latest version of Ubuntu (16.04 or later), consider using PHP7.0 instead of PHP5. To do so, check if you already have PHP installed.
php --version
If you do not have PHP already installed, you will likely see a message such as
$ php --version The program 'php' can be found in the following packages: * php7.0-cli * hhvm Try: sudo apt install <selected package>
To install PHP from the Ubuntu repositories,
sudo apt install php
If you already have PHP installed, you will likely see something like
$ php --version
PHP 7.0.4-7ubuntu2 (cli) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend TechnologiesAt this point, Apache and PHP are installed and ready to go. A recent update to the Lucid distribution, however, requires a slight change to /etc/apache2/mods-available/php5.conf to re-enable interpretation in users' home directories -- previous distributions do not require this change. Simply open up this file in your favorite editor as root (a simple sudo gedit /etc/apache2/mods-available/php5.conf will suffice) and comment out (or remove) the following lines:
<IfModule mod_userdir.c>
<Directory /home/*/public_html>
php_admin_value engine Off
</Directory>
</IfModule>If you don't see anything starting with PHP in /etc/apache2/mods-available, you likely need to install libapache2-mod-php. Run
sudo apt install libapache2-mod-php
After running it, you should see phpx.conf and phpx.load where x is the current PHP version. For example, at the time of this writing, I see php7.0.conf and php7.0.load. Edit the conf file as shown above.
Once this has been done, restart apache2 with the usual sudo /etc/init.d/apache2 restart and PHP should be successfully installed and working.
Make sure you have userdir enabled. If it is not enabled, run the following to enable it
sudo a2enmod userdir
Security note: Running PHP scripts in users' home directories was not disabled for a frivolous reason -- PHP is a full programming language, and as such, can be used by attackers in nefarious ways. Ideally, the PHP engine should only be enabled for users you (the system administrator) trust, and even then sparingly. To do this, instead of removing the above lines, create a file (as root) called /etc/apache2/conf.d/php-in-homedirs.conf with the following contents:
<IfModule mod_userdir.c>
<Directory /home/$USERNAME/public_html>
php_admin_value engine On
</Directory>
</IfModule>Simply replace the $USERNAME with the user name of the user you wish to allow PHP access to. Also note that the <Directory> section may be repeated as many times as is necessary. Save the file, and restart Apache with a sudo /etc/init.d/apache2 restart and PHP should only be enabled for the users listed in this file. See the Apache documentation on the Directory tag for more information.
Old Procedure
Note: The below method for allowing all users to exec their own PHP scripts as themselves is dangerous both to the users' data, and possibly the system itself -- especially if it is enabled system-wide. As a result, it should be avoided at all costs.
Install Apache 2, PHP 5, and support for executing pseudo-binaries.
sudo apt-get install apache2 php5-cgi binfmt-support
Configure PHP 5 to run .php scripts from the shell.
sudo update-binfmts --install PHP /usr/bin/php5-cgi --extension php
Enable necessary Apache modules.
sudo a2enmod rewrite sudo a2enmod suexec sudo a2enmod include sudo a2enmod userdir
Enable Apache's handling of PHP files. Add the following line to /etc/apache2/apache2.conf
AddHandler cgi-script .php
Configure the userdir module. Uncomment the following lines in /etc/apache2/apache2.conf.
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>Add the ExecCGI option. The block should now appear as below.
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI
</Directory>Reload the Apache configuration.
sudo /etc/init.d/apache2 force-reload