|
|||||||
![]() |
|
|
LinkBack | Thread Tools | Display Modes |
|
|||
|
Can Anybody help me?.
I don't updated Cpanel yet because I'm not sure if I must check PHP SuExec checkbox before rebuild apache. Is it necessary to correct the bug?. The last time I compiled apache with su exec support, many php scripts failed and don't worked and .htacess php flags were ignored. Please tell me please if compiling apache following cpanel instructions (without php su exec support) will fix the security issue or if am I obligated to select PHP Suexec Thanks a lot for your nice help |
|
|||
|
The bug was not selecting it and as long as you run atleast current you are fine. The only version that has trouble is stable right now. I would suggest upgrading to release/current then running easyapache and adding support if you use or want it.
|
|
|||
|
OK, Thank you very much for your help. ...I have read thousands of posts trying to know if was estrictly necessary to select php suexec support, but when I tested it last time, I discovered that many PHP Scripts were failing, and .htacess php flags were ignored having php su exec support enabled.
Appart from this, do you know more "restrictions" if I select php su exec support instead of not selecting it? Exactly, what's the difference between using or not using it?. I know PHP Su Exec support run scripts by the user id, but what kind of possible problems will have If I don't use it? Thank you again for u help |
|
|||
|
phpsuexec or not?
NOT! Forget about PHPSUEXEC!
Don't even waste your time there. PHP is PHP. Perl is Perl. CGI is CGI. And PHP will just be user nobody and group nobody running on your computer. I tried PHPSUEXEC and it created quite a mess. It seems PHP is okay for mundane and civilian purposes as-is. ER Now, suexec (for cgi-bin, like perl, is a must and is honky-dory). Suexec and PHPsuexec are different, as you must already know. |
|
||||
|
I can't agree less. We have phpsuexec running on all of our servers and never had a problem with any custome - you just have to make sure that you have your file ownerrships and permissions correct.
__________________
Jonathan Michaelson cPanel Forum Moderator Need your cPanel servers secured and tuned? cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf http://www.configserver.com |
|
|||
|
OK! I'll give it a second look.
Having phpsuexec working well would reduce the risk of security and privacy breaches considerably.
Thanks for replying in favor of phpsuexec with such conviction. I needed someone really stating firm results to go deeper into this issue. I'll have a second look since I really hate to see all php scripts running like user nobody and group nobody. ER |
|
||||
|
Having used suexec for so many years, I think it's only sensible security to run phpsuexec these days. I understand that phpsuexec was flawed at its introduction.
The number of threads on here with people asking about all the spam emails from nobody has convinced me that any pain in running it outweighs the risks of not. There is also an alternative that some use called suphp: http://www.suphp.org/Home.html Never needed to try it myself.
__________________
Jonathan Michaelson cPanel Forum Moderator Need your cPanel servers secured and tuned? cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf http://www.configserver.com |
![]() |
| Thread Tools | |
| Display Modes | |
|
|