PHP suEXEC Support security question

**equens** · 06-06-2004 06:37 PM

How dangerous is not to install the PHP suEXEC Support. I have updated apache with PHP suEXEC Support and I have encountered some problems. One of them is that when suEXEC is installed, the addon domain doesn't works. I try to visit simple index.php and the server returns 505 error.

I think this is a problem of permmisions, do you think that with 755 permmisions the problems goes out? Thanks!

**fishfreek** · 06-07-2004 08:40 AM

IMO there are no security issues with running phpsuexec. Infact this forces php to run as cgi so it runs under the permissions of the account user vs running as the user nobody.

This makes it easier to track down whos running what.

Incorrect permissions can case the 500 error as you describe. Also having php_value amounts in a .htaccess file will do this aswell.

**Hueznar** · 06-10-2004 05:09 AM

But if I select PHP SuExec support, some php session headers in .htaccess will not work, so I can't install suexec support. I don't know if NOT installing SuExec Support and upgrading to the lastest cpanel release I will be as secure as having installed suexec support.

Comments?

**Faldran** · 06-10-2004 12:37 PM

Originally posted by Hueznar
But if I select PHP SuExec support, some php session headers in .htaccess will not work, so I can't install suexec support. I don't know if NOT installing SuExec Support and upgrading to the lastest cpanel release I will be as secure as having installed suexec support.

Comments?

You must change .htaccess php_value from the .htaccess ones, to placing a php.ini with those settings in it.

Small trade off for php+suexec

**Hueznar** · 06-10-2004 01:36 PM

Originally posted by Faldran
You must change .htaccess php_value from the .htaccess ones, to placing a php.ini with those settings in it.

Small trade off for php+suexec

Errr..., I'm not sure to understand you.

You say to remove .htacess php_values and create a php.ini? ...in the users' account folder with these values? :?

For example, I have the following code in .htaccess file:

AuthType Basic

AuthName "CTI"

AuthUserFile "/home/wcnt1033/.htpasswds/cti/passwd"

require valid-user

...if I compile apache with PHP Su Exec support, the code don't work. Is ignored.

Tell me how to solve this with php su exec support enabled.

(my english level is low)

Thank you sincerely for all your help

**The MAzTER** · 06-11-2004 01:16 PM

use suPHP

www.suphp.org

a lot better tbh

LinkBack

Thread Tools

PHP suEXEC Support security question

PHP suEXEC Support

php 4.4.0 + suexec support breaks everything

PHP suexec and security

does mmcache support php Suexec