Installing Magento in a shared hosting environment

Last modified by bitServe on Wed, March 4, 2009 20:57

These instructions cover installing Magento on shared Linux bitServe web hosting accounts; however, they will likely be usable by other shared Linux web hosting users as well.

PHP and Shared Hosting

PHP as a scripting language was designed to be installed as a dynamic module for the web server to ensure optimum speed and performance. Generally speaking, the web server on a shared server runs as a single system user regardless of which account holder’s web site is being served. As a result, all PHP scripts on the server must be accessible by that one system user, which in theory allows all users on that web server to use PHP to view each other’s files.

PHP installations in a shared web hosting environment are typically done in two different ways to ensure that users in the shared space can’t access each other’s files.

PHP as CGI

Apache, the most installed web server software, supports executing scripts and programs with suexec. This means that before any script or program is executed, the web server first switches to the user for the specific web site that it is serving. This locks the program or script being run into only accessing files that the user for that web site has access to, based on file permissions.

PHP can be installed to be run as a CGI script, instead of as a loadable module for the web server, but it requires a lot more system overhead and can noticeably affect the speed of sites with a lot of heavy PHP scripts.

With this setup, data accessed by PHP does not need to be readable or writable by the system user that the web server runs as.

PHP with open_basedir

PHP scripts for a user can be locked into only being able to access documents within that user’s home directory using the open_basedir directive in PHP. However, PHP can natively call other applications, which would then run as the web server system user and could access these files. When using open_basedir to restrict access to files, PHP must also be prevented from calling any third party program or script.

With this setup, all data accessed by PHP needs to be readable or writable by the system user that the web server runs as. However, no user can view another user’s data due to the directory restrictions.

Different web server for each user

For ultimate security, a separate web server instance can be set up for each account holder on the shared server. Each account would then have its own system user, so everything could be protected simply with file permissions, without relying on suexec or directory restrictions.

With this setup, all data accessed by PHP would be owned by the user that owns the data, and the web server would be running as the same user.

Insecure installations

If your web host puts more than one account on a server, and they’re not set up in a protected virtual server environment, and they’re not using one of the above methods, more than likely account holders can view each other’s data.

Installing Magento

Since the Magento download page makes it pretty difficult to download the file directly from a Linux shell using wget, I recommend first downloading the file to your workstation from the download page. Select the latest Full Release of type tar.gz. (The current version is available at this URL if you want to try wget and wget is available to you via shell access.)

Once you have the file downloaded, upload it in binary mode using your web host’s file publishing methods, to your web site’s root directory. This will usually be the directory one up from your htdocs or document directory.

I recommend that if you’re setting up a store, you focus your web site on the store. There are not any online retail businesses that have a web site, and then a store as a subsection of that site. When visitors visit your site, you want to throw them right into the store, so there’s no reason to install Magento into a subdirectory. Instead, install it as your main site.

To do this, rename your document directory to something different. For example, if it’s named “htdocs”, rename it to “htdocs.old”. Then using ssh, log into your shell access and untar the file with the tar command:

tar xzvf filename.tar.gz

Where filename.tar.gz is replaced with the name of the file archive that you have uploaded to your web server. For example:

tar xzvf magento-1.2.1.2.tar.gz

This will unarchive the documents into a folder named magento. Note that if you are a server administrator doing this for an account holder, you should switch users to that account holder before unarchiving the documents.

bitServe offers shell access to its shared web hosting users, but if your host doesn’t offer shell access, you can instead download the .zip format when downloading Magento. Then you can unarchive the file into a magento folder on your computer and upload all of the documents inside the magento folder to your document directory.

If you’ve used the shell method, you will want to rename the magento folder to the appropriate name of your documents folder, for example, rename “magento” to “htdocs” with:

mv magento htdocs

If you’re in a shared hosting environment with open_basedir in effect, you’ll need to perform some additional steps, or you’ll get some “file_exists()” warnings and some “open_basedir restriction in effect” warnings. Do not perform these steps if you are not on a shared environment that uses open_basedir restrictions.

cd htdocs

If your documents directory is named differently, then cd into that directory instead.

chmod o+rwx var
chmod o+rwx app/etc
chmod -R o+rwx media

Finally, visit your web site and start going through the GUI installation, answering any questions and clicking on the continue button.
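
Added example (not part of the original instructions and not bitServe's or Magento's own tooling): a shell check to run after the chmod steps above. It lists anything under the document root that is world-writable beyond var, app/etc and media, and any of those three that did not receive the permission. The function names and the htdocs path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit the "other" write bit under a Magento document root.
# Assumption: only var, app/etc and media/** were opened with chmod o+rwx,
# exactly as in the steps above (var and app/etc are NOT recursive).

# Print paths (relative to the document root) that are world-writable but
# are not among the locations the install steps intentionally open.
unexpected_world_writable() {
    docroot=${1%/}
    # -perm -0002 matches entries with the other-write bit set. Symlinks are
    # skipped because their own mode bits carry no meaning.
    find "$docroot" ! -type l -perm -0002 -print | while IFS= read -r path; do
        if [ "$path" = "$docroot" ]; then
            rel=.
        else
            rel=${path#"$docroot"/}
        fi
        case $rel in
            var|app/etc|media|media/*) ;;    # opened on purpose
            *) printf '%s\n' "$rel" ;;       # anything else is a finding
        esac
    done
}

# Print which of the three expected directories lack the other-write bit.
# A missing bit here is the usual cause of the installer warnings.
missing_world_writable() {
    docroot=${1%/}
    for d in var app/etc media; do
        # -prune stops find from descending, so only the directory is tested.
        if [ -z "$(find "$docroot/$d" -prune -perm -0002 2>/dev/null)" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Usage: sh audit.sh htdocs
if [ "$#" -gt 0 ]; then
    echo "World-writable outside var, app/etc, media:"
    unexpected_world_writable "$1"
    echo "Expected directories without o+w:"
    missing_world_writable "$1"
fi
```

Because "chmod o+rwx var" is not recursive, a world-writable entry below var is reported as unexpected.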




 
