SAMP (Solaris, Apache 2, MySQL 5, and PHP 5) Setup for Solaris 10 OS and Solaris Express

For users of OpenSolaris or Solaris Express (Community or Developer Edition) running build number 79a or later, our recommendation is to use the built-in or supplied AMP (Apache HTTP Server, MySQL, PHP) components and the integrated extensions.

The above AMP components are installed as part of any x86 and x64 Solaris Express install after build 79a. However, if you use the Solaris Express, Developer Edition install, you also get a GNOME launch menu entry called Launch -> All Applications -> Developer Tools -> Web Stack Admin that you may enjoy. If you did not choose the Developer Edition install, but instead used the classic installer or JumpStart on the x86 or x64 architectures (these components are not available on the installation disc for SPARC architectures) you can still add this menu by performing the following steps:

a. Log in as root.

b. cd to the directory or path of the installation media (perhaps a DVD or NFS path).

c. In the directory of the install media, run the following command:

# DeveloperTools/install_devtools.sh

This will install the AMP stack and developer tools (Sun Studio, NetBeans, and so on).

If, instead, you are running OpenSolaris 2008.05, good instructions for installing the AMP stack components from your default IPS package repository can be found on the Installing Web Stack Components page at http://dlc.sun.com/osol/docs/content/WEBSTACK/ggrud.html.

For Solaris 10 users, we really suggest the Optimized Open Source Software Stack (Cool Stack) components, available from http://cooltools.sunsource.net/coolstack/.

Of course, users are welcome to continue experimenting with the community methods outlined in the article below. We simply feel that the newer options mentioned above will get you up and running faster, and with more complete integration and tuning.

Editor’s note: Also useful are the LAMP-SAMP page on the BigAdmin wiki and the 2008 SDN article Beyond LAMP: SAMP… LGPJ… LAMJ….

Many documents and blogs can be found on the Internet explaining how to use the Solaris 10 OS for a SAMP server (Solaris, Apache 2, MySQL, PHP). However, many of these articles are for older versions of the software packages or do not include the popular PHP language. Some of them lack any detail or examples to help you understand the process.

Before starting, it should be clarified that an installation of the Solaris 10 OS or Solaris Express does include Apache 2.0.x and MySQL 4. The Companion CD for the Solaris 10 OS also includes PHP 4. However, at this time the Solaris OS does not bundle PHP 5 or MySQL 5.

This article shows the technical user how to build their own up-to-date copy of PHP5 and integrate it with MySQL5 from Blastwave and the version of Apache2 included with the Solaris OS. However, for those who do not wish to compile any software, and prefer an optimized and high-performing Sun build of these packages, please check out Sun’s “Ready to Run” Cool Stack packages at http://cooltools.sunsource.net/coolstack/index.html and/or http://sunfreeware.com/coolstack.html.

An older article for configuring a SAMP server with the above packages can be found among the community submissions on the BigAdmin portal. However, that article lacks significant detail and uses the older Apache 1.3. Mel Lester’s article (also referenced on the BigAdmin portal) is well-written, shows much detail, and is almost what we want. The only exception is that Lester’s article uses the version of MySQL 4 that is bundled with the Solaris 10 OS, and not the current MySQL version 5.x that we prefer.

The primary reason that many of us like to rebuild software is to obtain recent versions of the packages, which might include performance enhancements, bug and security fixes, and compile-time options that provide features you may need for various PHP web applications.

For this exercise, the installation will use the following software:

* Apache as delivered with the Solaris installation
* MySQL 5, from Blastwave.org, using pkg-get to install it
* The latest PHP 5 from php.net, downloaded and compiled

We will build in 32-bit mode, using a mostly GNU tool chain.

The procedure below will integrate these three applications together so that you are ready to use the Solaris 10 OS, Apache, PHP 5, and MySQL 5 web applications.

Here are the steps:

1. Install the Solaris 10 OS, Solaris Express/Nevada, or OpenSolaris.

2. Make sure your system is networked so that it can reach the Internet and is using a static IP address. If you need assistance with network configuration, review this documentation: System Administration Guide: IP Services.

3. We wish to install MySQL 5 from Blastwave.org. Open a web browser, go to Blastwave.org’s step-by-step guide, and perform steps 1 through 7. It’s that simple, and you are now ready to use the pkg-get command to install packages such as MySQL 5 over the network.

4. We are now ready to install MySQL 5 packages. From a console or xterm window, log in as root and issue these commands:

# /opt/csw/bin/pkg-get -i mysql5 mysql5client mysql5devel mysql5rt
# /opt/csw/bin/pkg-get -i mysql5test

Note: It is very important to install the mysql5devel package, or else you will have trouble building PHP 5 later.

5. Now let’s set up MySQL 5.

Blastwave.org has a guide: Go to http://www.blastwave.org/packages.php/mysql5 and click the grey button that says “View news and info about the software package”. We have repeated the guidelines here, and also expanded upon some of the discussion. (Thanks to Blastwave for their generosity in sharing their work with us.)

A. Create the config file /opt/csw/mysql5/my.cnf, as follows: Copy one of the my-*.cnf files in /opt/csw/mysql5/share/mysql/ to /opt/csw/mysql5/my.cnf and make any changes appropriate for your environment, such as enabling InnoDB. Note that /opt/csw/mysql5/var is a deprecated location for my.cnf. If you are not sure which file to copy, use my-small.cnf.

B. It is important to set up a MySQL user and group before initializing the database in the next step. This is done for you by the Blastwave package install script. However, if you are building MySQL from source, you will need to create a MySQL user and group as follows:

# groupadd mysql
# useradd -c "MySQL Server" -d /dev/null -g mysql -s /bin/false mysql

C. Initialize the MySQL database and fix the permissions:

cd /opt/csw/mysql5
./bin/mysql_install_db
chown -R mysql:mysql ./var

Caution: If you skip the chown step above, MySQL will refuse to start.

D. Start MySQL 5. To simply attempt to start the server and see if the above steps were done correctly, you can issue this command:

# cd /opt/csw/mysql5 ; /opt/csw/mysql5/bin/mysqld_safe &

You can then check with the ps command to see if it started, and use the kill command and the PID to stop it.
Caution: Make sure you kill the previously-mentioned process before proceeding, or else MySQL will not start properly when you enable the SMF server in the next steps.

This command should work:

# pkill mysql

Now, to ensure it will start after a reboot, read on.

Note: Recent builds of Solaris Express, Nevada, and Solaris 10 updates are using SMF to start daemons such as mysql. The process below may vary. If your version of Solaris uses SMF, you will use the svcadm commands shown below to start/stop MySQL 5.

Old RC File Method:

# /etc/init.d/cswmysql5 start

New SMF Method:

If you installed the MySQL 5 package on a version of Solaris that is using SMF instead of RC files, you will find that the package installed an SMF manifest for MySQL 5, and you can see the state of the service by using this command:

# svcs -a | grep mysql
disabled 13:36:01 svc:/network/cswmysql5:default

To make sure the MySQL 5 server starts (and also at reboot), issue this command:

# svcadm enable svc:/network/cswmysql5:default

You can verify using this command again:

# svcs -a | grep mysql
online 15:12:43 svc:/network/cswmysql5:default

You can stop the server with the command svcadm disable svc:/network/cswmysql5:default, and it will remain stopped, even across a reboot, until you issue the svcadm enable command.

E. Please remember to set a password for the MySQL root user!

This should not be the same as your Solaris root user password! To do so, start the server, then issue the following commands:

To set the local password:

# /opt/csw/mysql5/bin/mysqladmin -u root password 'new-password'

# /opt/csw/mysql5/bin/mysqladmin -u root -h your-host-name \
password 'new-password'
(The previous command line will fail, and is not needed, if you have disabled network access via the security discussion in Step 5, part I below.)

See the MySQL 5 documentation for more instructions.

F. Optional: This takes some time. You can run test suites for the MySQL daemon with the following commands:

# cd /opt/csw/mysql5/mysql-test
# ./mysql-test-run

G. Check the install:

# ./bin/mysql -p

You will be prompted to enter MySQL root’s password. You should see a mysql prompt. Try a command such as STATUS to see if the server responds. Next, try to run a test query from the mysql prompt:

show databases;

The mysql and test databases are returned.

quit

Note: Startup options may be overridden by creating and editing either /opt/csw/mysql5/etc/mysql5rc or /etc/opt/csw/mysql5rc.

The template for mysql5rc is in /opt/csw/mysql5/share/mysql. You must use this template if making an rc file for your system. For example:

1. # mkdir -p /etc/opt/csw
I use these permissions: chown root:bin /etc/opt/csw and chmod 0755 /etc/opt/csw.
2. # cp /opt/csw/mysql5/share/mysql/mysql5rc /etc/opt/csw/
If no mysql5rc file is available, the daemon starts with defaults. If this is your first experimental system, don’t bother with this step; it is optional.

H. Reference docs:

* MySQL Reference Manual
* Getting Started with MySQL (introductory article)

I. MySQL security is beyond the scope of this article. However, here are some basic steps to consider:

* Make sure the MySQL root user has a password set, and that it is different than the host system root password.
* Ensure that only the MySQL user has read and write access to the database directory.
* If using MySQL on a web server for PHP (so only localhost connections are needed between PHP/Apache and MySQL), add the line skip-networking to the [mysqld] section of your /opt/csw/mysql5/my.cnf configuration file. This will disable all TCP/IP remote connections to the MySQL server daemon.
* Disable the use of the LOAD DATA LOCAL INFILE command, which could permit unauthorized reading from local files, especially when new SQL injection attacks occur. In the [mysqld] section of your my.cnf file, add set-variable=local-infile=0.
* Get rid of anonymous user accounts in the users table.

The preceding steps only scratch the surface, but make for good improvement after installation. Please do review articles about MySQL security on the web by entering “Securing MySQL” into your favorite Internet search engine.
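The two my.cnf settings and the data directory permission from the checklist above can be checked mechanically. The script below is an added example, not part of the original article or of the Blastwave package; its function names are made up for illustration, the paths are the ones used in this article, and the sample my.cnf content is constructed.

```shell
#!/bin/bash
# Added example, not from the original article. Audits the my.cnf settings and
# the data directory permissions named in the Step 5.I checklist.
# On Solaris 10 run with AWK=nawk: the legacy /usr/bin/awk has no sub()/gsub().
AWK=${AWK:-awk}

# mysqld_options FILE
# Print the options of the [mysqld] section only: comments and blanks dropped,
# whitespace removed, '_' folded to '-' (MySQL accepts both in option names).
mysqld_options() {
    "$AWK" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        insec {
            sub(/[ \t]*#.*$/, ""); gsub(/[ \t]/, ""); gsub(/_/, "-")
            if ($0 != "") print
        }' "$1"
}

# audit_mycnf FILE
# Print PASS/FAIL for each check and return the number of failed checks.
audit_mycnf() {
    opts=$(mysqld_options "$1")
    fails=0

    if printf '%s\n' "$opts" | grep '^skip-networking$' >/dev/null; then
        echo "PASS skip-networking set: mysqld opens no TCP/IP listener"
    else
        echo "FAIL skip-networking not set in [mysqld]"
        fails=$((fails + 1))
    fi

    # The last occurrence wins. Accept the set-variable= spelling used in the
    # article as well as the plain option.
    last=$(printf '%s\n' "$opts" |
        sed -n -e 's/^set-variable=//' -e '/^local-infile/p' | tail -1)
    case $last in
        local-infile=0|local-infile=OFF|local-infile=off)
            echo "PASS LOAD DATA LOCAL INFILE disabled ($last)" ;;
        *)
            echo "FAIL local-infile=0 not set in [mysqld] (found: ${last:-nothing})"
            fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# check_datadir DIR OWNER
# Pass only if DIR belongs to OWNER and grants nothing to group or other.
check_datadir() {
    line=$(ls -ld "$1") || return 2
    owner=$(printf '%s\n' "$line" | "$AWK" '{ print $3 }')
    bits=$(printf '%s\n' "$line" | "$AWK" '{ print substr($1, 5, 6) }')
    if [ "$owner" = "$2" ] && [ "$bits" = "------" ]; then
        echo "PASS $1 is owned by $2 and closed to group/other"
    else
        echo "FAIL $1: owner=$owner, group/other bits=$bits"
        return 1
    fi
}

# Constructed sample input: a my.cnf before and after the checklist is applied.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '[client]' 'port = 3306' '[mysqld]' 'port = 3306' \
        'skip-locking' > "$tmp/before.cnf"
    printf '%s\n' '[client]' 'port = 3306' '[mysqld]' 'skip-networking' \
        'set-variable=local-infile=0' > "$tmp/after.cnf"
    for f in before after; do
        echo "== $f.cnf"
        audit_mycnf "$tmp/$f.cnf"
        echo "failed checks: $?"
    done
    rm -rf "$tmp"
}
demo
# Real use, as root: audit_mycnf /opt/csw/mysql5/my.cnf
#                    check_datadir /opt/csw/mysql5/var mysql
```

An option placed under [client] or another section does not count: only the [mysqld] section is read, which is where the checklist says the lines must go.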

6. We are now done with installing and testing MySQL 5. Next, let’s build PHP 5. We’ll borrow portions from Mel Lester’s web site, with his kind permission. We will modify some of the PHP configuration since we are using different options and paths.

Specifically, we will change the configuration of PHP 5 before compiling to use the path to our Blastwave MySQL 5 in /opt/csw/mysql5, and also add some other options. The procedure will also verify that you have the needed GNU tools installed to build PHP 5.

A. Log into the global zone as root and ensure that /opt/csw/bin and /usr/sfw/bin are in $PATH, as follows:

global# echo $PATH
/opt/csw/bin:/usr/sfw/bin:/usr/sbin:/usr/bin:/usr/openwin/bin: \
/usr/dt/bin:/usr/ccs/bin

OK, let’s talk. First, you may not want to modify the .profile for root and clutter up the / directory with junk. I’d suggest, for the Solaris 10 OS, Solaris Express, or OpenSolaris, that you create the directory /root, and make another root account in /etc/passwd that uses the bash or ksh shell, and points to /root as a home directory. However, that is a choice and topic for you and Google. Whatever you decide, please ensure that your path has the components above. Then proceed.

B. Use the Blastwave.org pkg-get command (installed in Step 3 above) to install the GNU autoconf, automake, and gsed packages. Versions of the software below should be relatively similar or more recent.

global# pkg-get -i autoconf

global# which autoconf && autoconf --version | head -2
/opt/csw/bin/autoconf
autoconf (GNU Autoconf) 2.59
Written by David J. MacKenzie and Akim Demaille.

global# pkg-get -i automake

global# which automake && automake --version | head -2
/opt/csw/bin/automake
automake (GNU automake) 1.8.3
Written by Tom Tromey
.

global# pkg-get -i gsed

global# which gsed && gsed --version | head -2
/opt/csw/bin/gsed
GNU sed version 4.1.4
Copyright (C) 2003 Free Software Foundation, Inc.

C. Verify availability of other open source software required to install PHP. (You can review the Solaris specific installation tips section of the PHP manual if you wish.) Versions of the following software should be relatively similar or more recent:

global# which gcc && gcc --version | head -2
/usr/sfw/bin/gcc
gcc (GCC) 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
Copyright (C) 2004 Free Software Foundation, Inc.

global# which gmake && gmake --version | head -2
/usr/sfw/bin/gmake
GNU Make 3.80
Copyright (C) 2002 Free Software Foundation, Inc.

global# which flex && flex --version | head -2
/usr/sfw/bin/flex
flex version 2.5.4

global# which bison && bison --version | head -2
/usr/sfw/bin/bison
bison (GNU Bison) 1.875
Written by Robert Corbett and Richard Stallman.

global# which gm4 && gm4 --version | head -2
/opt/csw/bin/gm4
GNU M4 1.4.3
Written by Rene’ Seindal.

global# which perl && perl -v | head -2
/opt/csw/bin/perl

This is perl, v5.8.7, built for sun4-solaris-thread-multi

global# which gunzip && gunzip -V | head -2
/usr/bin/gunzip
gunzip 1.3.3-patch.1
(2002-03-08)

global# which gtar && gtar --version | head -2
/usr/sfw/bin/gtar
tar (GNU tar) 1.14
Copyright (C) 2004 Free Software Foundation, Inc.

D. Test the open source tools by building libxml2 from source.

Download the latest version from xmlsoft.

At this time, we found the following version of zipped source here:

# wget ftp://xmlsoft.org/libxml2/libxml2-2.6.26.tar.gz

You choose which directory to perform the following steps in:

global# gunzip -cd libxml2-2.6.26.tar.gz | gtar xvpf -
global# cd libxml2-2.6.26
global# ./configure

global# gmake

global# gmake install

You are now done building and installing the libxml2 software and will find it located in /usr/local.

Note: It has been verified that Solaris Nevada build 42 and later have an updated libxml2 package and do not need this step. If running Solaris Nevada build 42 or later, including OpenSolaris builds derived from build 42 or later, you may skip building libxml2 (Part 6D) and change a portion of the PHP5 config line in Part 6F below from:

--with-libxml-dir=/usr/local

to:

--with-libxml-dir=/usr

E. If the file /etc/apache2/httpd.conf doesn’t exist, use this:

global# cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf

Edit /etc/apache2/httpd.conf with your favorite text editor:

* Set ServerName if necessary (default is 127.0.0.1) to your host name.
* Set ServerAdmin to a valid email address.

F. Download and compile the latest production version of PHP from www.php.net. Again, you choose your own directory such as /src or /build or whatever. As of this writing, it was at http://www.php.net/downloads.php#v5. We chose to download the gzipped version so we could use the following command to proceed:

global# gunzip -cd php-5.1.6.tar.gz | gtar xvpf -

global# cd php-5.1.6

This is where we differ from the original web page. The original was using the older MySQL 4 found in /usr/sfw, and we are using a current MySQL 5 located in /opt/csw/mysql5. So our choice of configuration options is now:

global# ./configure --with-apxs2=/usr/apache2/bin/apxs --enable-dbase \
--with-libxml-dir=/usr/local --with-config-file-path=/etc/apache2 \
--with-mysql=shared,/opt/csw/mysql5 \
--with-mysqli=shared,/opt/csw/mysql5/bin/mysql_config \
--with-xpm-dir=/usr --with-gd --with-tiff-dir=/usr --with-bz2=/usr/lib \
--with-jpeg-dir=/usr --with-png-dir=/usr --with-zlib --enable-mbstring \
--enable-calendar --enable-bcmath --enable-ftp --enable-exif

The above configuration options are good enough for a simple server setup. There are many other options, and that is left for user choice and documentation. You can see some of the options by entering the command # ./configure --help or by reviewing the core configure options in Appendix F. Configure options on the PHP site.

Note: If you try to enable openssl, you will have to recompile Apache and MySQL to use the same version of the openssl library, or else PHP to MySQL connections will fail. If you are going to use cookies for sessions, you might see a performance gain by adding the mcrypt library to your system, and using the PHP compile option --with-mcrypt.

Amusing note: If you are curious about what config options other people are using, simply try entering phpinfo() into your favorite Internet search engine.

Anyway, let’s build it now:


global# gmake

global# gmake install


Installing PHP SAPI module: apache2handler
/var/apache2/build/instdso.sh SH_LIBTOOL=’/var/apache2/build/libtool’ libphp5.la
/usr/apache2/libexec
/var/apache2/build/libtool –mode=install cp libphp5.la /usr/apache2/libexec/
cp .libs/libphp5.so /usr/apache2/libexec/libphp5.so
chmod +x /usr/apache2/libexec/libphp5.so
cp .libs/libphp5.lai /usr/apache2/libexec/libphp5.la
libtool: install: warning: remember to run ‘libtool –finish /build/php-5.1.2/libs’
chmod 755 /usr/apache2/libexec/libphp5.so
[activating module ‘php5′ in /etc/apache2/httpd.conf]
Installing PHP CLI binary: /usr/local/bin/
Installing PHP CLI man page:/usr/local/man/man1/
Installing build environment: /usr/local/lib/php/build/
Installing header files: /usr/local/include/php/
Installing helper programs: /usr/local/bin/
program: phpize
program: php-config
Installing man pages: /usr/local/man/man1/
page: phpize.1
page: php-config.1
Installing PEAR environment:/usr/local/lib/php/
[PEAR] Archive_Tar – installed: 1.3.1
[PEAR] Console_Getopt – installed: 1.2
pear/PEAR can optionally use package “pear/XML_RPC” (version >= 1.4.0)
[PEAR] PEAR – installed: 1.4.6
Wrote PEAR system config file at: /usr/local/etc/pear.conf
You may want to add: /usr/local/lib/php to your php.ini include_path
Installing PDO headers: /usr/local/include/php/ext/pdo/
#

G. Copy the file php.ini-dist from your php-5.1.6 source directory to Apache’s config directory:

global# cp php.ini-dist /etc/apache2/php.ini

If you are setting up Apache web servers in zones, perhaps you might have an example path such as the following (or whatever zone you are using):

global# cp php.ini-dist /zones/zone0/root/etc/apache2/php.ini

Next we will edit configuration files and test the entire stack.

H. Edit the configuration files.

Edit the /etc/apache2/php.ini file to set PHP options.

With PHP 5, there is no longer any automatic loading of the MySQL interface module.

You need to explicitly cause this module, and any other extension modules needed, to be loaded. To do this, edit the php.ini file and add two lines:

1. Verify that your build of PHP 5 created the module you need:

# ls -l /usr/local/lib/php/extensions/no-debug-non-zts-20050922/
total 1088
-rwxr-xr-x 1 root root 103144 Aug 29 21:48 mysql.so
-rwxr-xr-x 1 root root 429948 Aug 29 21:48 mysqli.so

Find the line(s) in php.ini that start(s) with:

; Directory in which the loadable extensions (modules) reside.
extension_dir =

Edit the line to become the following:

extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20050922/"

If you had installed PHP 5 to another location, adjust this line accordingly.

2. Next, find this block of the php.ini file:

;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;

Add the following line:

extension=mysql.so

Now, you will not go nuts trying to understand why your Apache/PHP 5 cannot connect to MySQL.

3. Next, edit the /etc/apache2/httpd.conf file to load the PHP module.

Find the line that contains php5_module. The path on the right hand side of the LoadModule statement must point to the path of the PHP module on your system. This path will be relative to /usr/apache2 on your system. (So it is really /usr/apache2/libexec/libphp5.so.) The gmake install of PHP 5 from above should have already added this for you, but be sure to check.

LoadModule php5_module libexec/libphp5.so

We want to have Apache parse the .php extension for web page file names as PHP. Find the AddType section of your /etc/apache2/httpd.conf file, and add this line:

AddType application/x-httpd-php .php

Some users prefer to omit the above line from httpd.conf, and instead add application/x-httpd-php php phtml to the /etc/apache2/mime.types file. Either way is fine.

I. Start Apache 2 and test.

Warning: If you have activated Apache 1.3 previously, via other SAMP articles, the Companion CD scripts, or manually, a collision will result when you try to take the following steps. It is important to disable Apache 1.3 before proceeding.

Ensure that Apache 1.3 is disabled:

# svcs -a | grep apache
legacy_run Sep_11 lrc:/etc/rc3_d/S50apache

This shows that a legacy rc startup script for Apache 1.3 exists at /etc/rc3.d/S50apache (svcs prints the dots in a legacy script path as underscores). The script looks for the existence of a configuration file for Apache at /etc/apache/httpd.conf and will not start Apache 1.3 if the file is missing. To disable Apache 1.3, either ensure that there is no file at the path noted previously, or (while this may be a little extreme) rename the startup script from:

/etc/rc3.d/S50apache

to the following:

/etc/rc3.d/OFF-S50apache

Only scripts that start with the letter “S” will actually be executed at startup time.

Start Apache 2:

# svcadm enable apache2
# svcs | grep -i apache2
online 18:07:10 svc:/network/http:apache2

If Apache 2 started successfully, you can use the ps command, and should see several processes similar to the one noted below:

# ps -ef | grep http
webservd 18592 38020Sep 11 ? 0:03 /usr/apache2/bin/httpd -k start
webservd 13093 38020Sep 08 ? 0:07 /usr/apache2/bin/httpd -k start

Don’t be alarmed to find approximately 10 of these processes. Also, do not be alarmed by the following process:

root 49810 Jul 17 ? 1:28 /usr/apache/bin/httpd \
-f /etc/apache/httpd-standalone-ipp.conf

It is simply the older Apache 1.3 being used by the Internet Print Protocol (IPP) listener on network port 631. Since it is not running on port 80, it will not conflict with your web server configuration here.

7. Next, let’s put something useful for testing in the Apache 2 web server’s DocumentRoot directory. Using your choice of text editor, create the following file (web page) and call it phpinfo.php:

 
Hello World

<?php phpinfo(); ?>

 

Place the file in your DocumentRoot directory as defined by the Apache httpd.conf file. If you aim your web browser at http://your-host-name/phpinfo.php and all is working, then you should get detailed information about the configuration of PHP, Apache, and MySQL.

Note: After testing it is advised to either remove that file, or protect it with HTTP authentication, as it reveals a large amount of information about your site that would be useful to an attacker.

By now, you have noticed that the above phpinfo web page only tests Apache and PHP working together. While the output will show you information about the MySQL client being enabled, it does not actually test connections to the MySQL server. Almost 99% of the time, if you made it this far, you can simply install a PHP/MySQL application and expect things to work. However, if you are one of those frustratingly hyper-analytical personality types that likes to dwell on completeness, accuracy, and testing almost everything, below is a simple PHP web page that will do the following:

1. Attempt to open a connection to MySQL from a PHP page.
2. Select the mysql database name, which is a database that exists after all MySQL installations.
3. Show the list of table names that exist inside the mysql database.

Most of the code is taken from examples of function usage in the PHP manual. Copy the PHP code below into a file (web page) and name it something like simple-test.php. Edit the file and insert the password for connecting to your MySQL server. Place the file in your web server DocumentRoot (the same place you put phpinfo.php earlier).

Here is the PHP code:

<?php
// Connection settings for the test. This page holds the MySQL root
// password in clear text, so remove it from DocumentRoot after testing.
$db_username = "root";              // EDIT if needed: The username for mysql.
$db_password = "insert-yours-here"; // EDIT ME
// Above is YOUR password used for mysql admin access.
$db_hostname = "localhost";
$db_name = "mysql"; // Install creates this admin database.

// Open the connection with the mysql extension (extension=mysql.so).
if (!mysql_connect($db_hostname, $db_username, $db_password)) {
    echo "Can't connect to MySQL Server";
    exit;
} else {
    echo "Connection to Mysql server succeeded.";
    echo "<br>\n";
}

// Now query the db and get the list of tables.
$result = mysql_db_query($db_name, "SHOW TABLES");

if (!$result) {
    echo "DB Error, could not list tables\n";
    echo 'MySQL Error: ' . mysql_error();
    exit;
}

echo "<p>The selected database is name is mysql</p>\n";
echo "<p>Here is the list of tables</p>\n";
while ($row = mysql_fetch_row($result)) {
    echo "Table: {$row[0]}<br>\n";
}
mysql_free_result($result);
?>

If you have copied the above correctly, and your software is configured properly, you can point a web browser at http://yourserver.com/simple-test.php and you should see something like this:

Connection to Mysql server succeeded.
The selected database is name is mysql.

Here is the list of tables

Table: columns_priv
Table: db
Table: func
Table: help_category
Table: help_keyword
Table: help_relation
Table: help_topic
Table: host
Table: proc
Table: procs_priv
Table: tables_priv
Table: time_zone
Table: time_zone_leap_second
Table: time_zone_name
Table: time_zone_transition
Table: time_zone_transition_type
Table: user

8. Let’s look at PHP Security.

Now that you have things working, be warned that the default install of PHP, and the default options in config file php.ini, are only safe for development work, but not for a production server that is exposed on a network. Here is a strongly worded caution:

A. Delete the phpinfo and simpletest PHP web pages created in Step 7 above. (Or immediately lock them down by protecting the directory they are in with HTTP authentication of some type.)

B. It is strongly advised that you review a tutorial on securing PHP, such as one of the following:

* PHP Manual Security Section
* PHP Security Guide
* Top 7 PHP Security Blunders (article on SitePoint web site)

If you do not have time for that, at least take a look in your PHP source code directory at the suggested (and safer) configuration file php.ini-recommended. You may wish to compare this with the basic starting config file php.ini-dist to see what changes are made for security and performance of a production site.

(# diff php.ini-dist php.ini-recommended | less)
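The raw diff also reports every changed comment line, so it helps to compare only the active directives, for instance the live /etc/apache2/php.ini (copied from php.ini-dist in Step 6G) against php.ini-recommended. The script below is an added example, not part of the original article or of the PHP distribution; its function names are made up for illustration and the two ini excerpts are constructed.

```shell
#!/bin/bash
# Added example, not from the original article or the PHP distribution.
# Compares the active directives of two php.ini files, ignoring comments,
# so the settings that really change are listed on their own.
# On Solaris 10 run with AWK=nawk: the legacy /usr/bin/awk has no sub()/gsub().
AWK=${AWK:-awk}

# ini_directives FILE
# Print "name=value" for every active directive. Comment lines, section
# headers and blank lines are skipped; a trailing "; comment" is removed.
# Limitation: a quoted value containing whitespace followed by ';' is cut short.
ini_directives() {
    "$AWK" '
        /^[ \t]*(;|\[|$)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
            sub(/[ \t]+;.*$/, "", value)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            print name "=" value
        }' "$1"
}

# ini_changes OLD NEW
# Print "name: old -> new" for each directive whose effective value differs.
# When a directive is repeated in one file, its last value is the one compared.
ini_changes() {
    { ini_directives "$1" | sed 's/^/A /'
      ini_directives "$2" | sed 's/^/B /'; } |
    "$AWK" '
        {
            line = substr($0, 3); eq = index(line, "=")
            name = substr(line, 1, eq - 1); seen[name] = 1
            if ($1 == "A") a[name] = substr(line, eq + 1)
            else           b[name] = substr(line, eq + 1)
        }
        END {
            for (n in seen) {
                o = (n in a) ? a[n] : "(unset)"
                w = (n in b) ? b[n] : "(unset)"
                if (o != w) print n ": " o " -> " w
            }
        }' | sort
}

# Constructed excerpts standing in for the two files shipped with the source.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/php.ini-dist" <<'EOF'
; constructed excerpt, not the full file
[PHP]
display_errors = On
log_errors = Off
memory_limit = 8M      ; Maximum amount of memory a script may consume
EOF
    cat > "$tmp/php.ini-recommended" <<'EOF'
; constructed excerpt, not the full file
[PHP]
; display_errors = On
display_errors = Off
log_errors = On
memory_limit = 8M
EOF
    ini_changes "$tmp/php.ini-dist" "$tmp/php.ini-recommended"
    rm -rf "$tmp"
}
demo
# Real use, from the PHP source directory:
#   ini_changes /etc/apache2/php.ini php.ini-recommended
```

Running it against the live file rather than php.ini-dist also picks up the edits made in Step 6H, such as extension_dir and extension=mysql.so, so those lines show up as differences that need to be carried over.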

I hope this has answered a few questions and provided useful hints. Enjoy your SAMP server for the Solaris OS.