suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.
Clone or download
lightsey Switch PathMatcher to use fnmatch().
The fnmatch() behavior is more flexible and predictable.
Latest commit 9de3bef Sep 3, 2018


== suPHP                 ==

What is it?

The suPHP project combines an Apache handler module and a setuid
binary. Together, they allow PHP scripts to safely run as the script
owner rather than the Apache webserver user.

suPHP validates that the requested PHP script has appropriate ownership
and permissions. It also verifies that the filesystem paths leading to
the PHP script have safe ownership and permissions.


Documentation for mod_suphp is available in the "doc" directory.

The "doc/INSTALL" file details the installation process of mod_suphp.

The "doc/CONFIG" file contains instructions for configuring the setuid
suphp binary.

The "doc/apache/CONFIG" file contains instructions for configuring
the mod_suphp Apache handler module.

Reporting Bugs

If you encounter bugs while using mod_suphp, please open an issue
at the github repo:

If you believe you have found a security flaw in mod_suphp, please
email the details directly to


suPHP - (c)2002-2013 Sebastian Marsching <>
        (c)2018 John Lightsey <>

suPHP is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

suPHP is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with suPHP; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301