suPHP wont allow access to parent magento multisite via symlinks. is there another way to do this? (example rewrite prg)

Question

ive seen other posts on stackoverflow about this but there hasnt been a solid answer to any of the questions. so im combining the knowledge i've gathered from the other posts and rewording things to hopefully get a solid answer. suPHP is a mod that makes it so that when apache runs scripts, it runs them as the respective owner of said scripts (from my understanding), as well as other things. So my problem is that i moved a magento multisite to a new server and this server gives me odd errors when trying to reach the multisites, for example, a permissions error. It says that i cant access the files because the ownership of the files is different than the user trying to read/run them. In addition to that problem, after fixing the symlinks to be owned by the correct user, the contents of the symlinks MUST be owned by the parent store in magento or the entire thing goes down the tubes.

FYI the error im getting is the typical:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@xxx.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

I saw some information that implied this couldn't be fixed at all. But, in addition to that, i saw another page that implied it could be fixed with the apache directive RewriteMap prg. If it can be fixed this way, can somebody please walk me through how to do that? If it's a lost cause, somebody please tell me. I've wasted a ton of time on this already and i cant afford to waste any more. Also, if there's a solution to this that i missed, please tell me. thanks guys

Answer 1

Correct, if you have two sites trying to run as different users but share the same code base or portions in a common directory with SuPHP enaled, it won't work. SuPHP basically ensures folders match the owner. There's a good post about it on cPanel's forums: http://forums.cpanel.net/f5/suphp-symbolic-links-reseller-account-212102.html#post873521

Updated; Since you have root access and control all the sites on the server you can disable SuPHP as mentioned. I've personally found no real benefit of SuPHP if you own and actively manage all the sites. The purpose of SuPHP is basically to restrict what someone can do if they get access to any one of your PHP sites by limiting where they can go by user account.

Keep in mind that by disabling it, if you do have a security breach that it's common for attackers to search every writable directory and inject things like JS malware and PHP backdoor shells to your server. It means the damage could be more widespread.

Using a good web application firewall like mod_security is good and more worthwhile IMO. It can inspect POST/GET requests for SQL injections, etc. You can customize the rules, but it has a learning curve. Basically it bolts onto Apache.