Select or Not Select PHP SueExec Support, that's the question...

[Hueznar]

Can Anybody help me?.

I don't updated Cpanel yet because I'm not sure if I must check PHP SuExec checkbox before rebuild apache. Is it necessary to correct the bug?. The last time I compiled apache with su exec support, many php scripts failed and don't worked and .htacess php flags were ignored.

Please tell me please if compiling apache following cpanel instructions (without php su exec support) will fix the security issue or if am I obligated to select PHP Suexec

Thanks a lot for your nice help

[icanectc]

You dont have to select Php SuEXEC if you dont want to. i would recommend running PHP SuEXEC for security purposes but it is not required to correct the current vuln.

[eth00]

The bug was not selecting it and as long as you run atleast current you are fine. The only version that has trouble is stable right now. I would suggest upgrading to release/current then running easyapache and adding support if you use or want it.

[Hueznar]

OK, Thank you very much for your help. ...I have read thousands of posts trying to know if was estrictly necessary to select php suexec support, but when I tested it last time, I discovered that many PHP Scripts were failing, and .htacess php flags were ignored having php su exec support enabled.

Appart from this, do you know more "restrictions" if I select php su exec support instead of not selecting it?

Exactly, what's the difference between using or not using it?.

I know PHP Su Exec support run scripts by the user id, but what kind of possible problems will have If I don't use it?

Thank you again for u help

[eurorocco]

NOT! Forget about PHPSUEXEC!

Don't even waste your time there.

PHP is PHP. Perl is Perl. CGI is CGI. And PHP will just be user nobody and group nobody running on your computer.

I tried PHPSUEXEC and it created quite a mess. It seems PHP is okay for mundane and civilian purposes as-is.

ER

Now, suexec (for cgi-bin, like perl, is a must and is honky-dory). Suexec and PHPsuexec are different, as you must already know.

[chirpy]

I can't agree less. We have phpsuexec running on all of our servers and never had a problem with any custome - you just have to make sure that you have your file ownerrships and permissions correct.

[eurorocco]

Having phpsuexec working well would reduce the risk of security and privacy breaches considerably.

Thanks for replying in favor of phpsuexec with such conviction. I needed someone really stating firm results to go deeper into this issue.

I'll have a second look since I really hate to see all php scripts running like user nobody and group nobody.

ER

[chirpy]

Having used suexec for so many years, I think it's only sensible security to run phpsuexec these days. I understand that phpsuexec was flawed at its introduction.

The number of threads on here with people asking about all the spam emails from nobody has convinced me that any pain in running it outweighs the risks of not.

There is also an alternative that some use called suphp:
http://www.suphp.org/Home.html

Never needed to try it myself.