The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

apache php suexec

Discussion in 'EasyApache' started by Mykul31217, Jun 11, 2007.

  1. Mykul31217

    Mykul31217 Member

    Joined:
    Aug 4, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I have used the WHM interface to update apache/php to use the php suexec functions. The whole build goes just fine, and seems to install twice, after the first install, php is viewable, but after the second, it isn't.

    I go in and edit the httpd.conf by hand and re-enable php and php is viewable... however... php is still run by nobody:nobody and I was under the impression that phpsuexec would run the scripts as the user in question.

    <?php passthru("id"); ?>

    that is what I am using to test the user being used. I had gotten that from these forums while trying to track down what is going on. Ultimatly, the problem is that php is no longer able to upload images to our customers sites.

    I have tried running the buildscript in /home/cpapachebuild/buildapache and it does the same thing as the whm (double install with php working in between the installs) I have had to edit the buildscript to enable soap, pdo and pdo-mysql

    Any suggestions or advice would be awesome.

    Shoemaker
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    phpSuExec runs PHP as a CGI and does not use Apache Modules

    (IE: There is no "LoadModule" line in the configuration)

    If you go back and "re-enable" the LoadModule line then what you have
    effectively done is disabled phpSuExec and re-activated the original
    module based PHP running as "nobody" that you had before.

    Make sure the ownership and execute permissions are set correctly
    for all your scripts else they will not run under phpSuExec.

    (IE: You cannot have any 666 or 777 scripts or folders)

    Out of pure curiosity, why are you switching to phpSuExec?

    I personally don't like phpSuExec because while it adds the ability
    to better track script executions and runs scripts as the owner,
    it does so at the cost of opening some very serious security
    holes that could be actually worse than just running plain
    old module based (run as nobody) PHP!

    My personal favorite is SuPHP which gives you all the advantages
    and capabilities provided by phpSuExec but without any of the
    added security problems or performance issues of phpSuExec

    .
     
    #2 Spiral, Jun 11, 2007
    Last edited: Jun 11, 2007
    Infopro likes this.
  3. Mykul31217

    Mykul31217 Member

    Joined:
    Aug 4, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    is there an easy tool or command that will do the permission fixes?
     
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    No, not within Cpanel but I could write you a basic quick script in a few seconds ...

    Code:
    #!/bin/bash
    IFS="$"
    
    cd /var/cpanel/users
    
    ls | grep -v "\." | while read CPUSER; do
      echo "Collection permission information on ${CPUSER} ..."
      find /home/${CPUSER}/public_html -type 'd' > /tmp/${CPUSER}.dir.$$
      find /home/${CPUSER}/public_html -type 'f' > /tmp/${CPUSER}.files.$$
      find /home/${CPUSER}/public_html -type 'f' -name '*.php' > /tmp/${CPUSER}.php.$$
      find /home/${CPUSER}/public_html -type 'f' -name '*.cgi' > /tmp/${CPUSER}.cgi.$$
      find /home/${CPUSER}/public_html -type 'f' -name '*.pl' >> /tmp/${CPUSER}.cgi.$$
      echo "Processing permission settings on ${CPUSER} ..."
    
      echo "    Setting Folders ..."
      cat /tmp/${CPUSER}.dir.$$ | while read DFILE; do
        chmod 755 "${DFILE}"
      done
      rm -f /tmp/${CPUSER}.dir.$$
    
      echo "    Setting Files ..."
      cat /tmp/${CPUSER}.files.$$ | while read DFILE; do
        chmod 644 "${DFILE}"
      done
      rm -f /tmp/${CPUSER}.dir.$$
    
      echo "    Setting PHP Scripts ..."
      cat /tmp/${CPUSER}.php.$$ | while read DFILE; do
        chmod 755 "${DFILE}"
      done
      rm -f /tmp/${CPUSER}.dir.$$
    
      echo "    Setting Perl Scripts ..."
      cat /tmp/${CPUSER}.cgi.$$ | while read DFILE; do
        chmod 755 "${DFILE}"
      done
      rm -f /tmp/${CPUSER}.dir.$$
    
      chown -R ${CPUSER}:${CPUSER} /home/${CPUSER}/public_html
      echo "============================================"
    done
    
     
  5. Mykul31217

    Mykul31217 Member

    Joined:
    Aug 4, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    copy/paste to a file and gave x bit

    ./suexfix
    ./suexfix: line 31: syntax error: unexpected end of file
     
  6. Mykul31217

    Mykul31217 Member

    Joined:
    Aug 4, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    duh, nm, was missing another done at the end to close the primary loop.
     
  7. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Like I said, "just a couple seconds" quick and dirty hack for you ,,,

    You can modify the sample code to whatever you need.

    One thing I might do looking at my code again would be to go ahead
    and add a CHOWN line before each CHMOD line. This will let you set
    the ownerships at the same time you set the permissions:

    Code:
    chown ${CPUSER}:${CPUSER} "${DFILE}"
    
     
  8. Mykul31217

    Mykul31217 Member

    Joined:
    Aug 4, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Ok... I have run the script and it did what it should have...

    I re-ran easyapache and selected php suexec and it did what it has always done. Inbetween compiles of php (still no clue why it does it twice) it would process the php code (phpinfo, etc) but after it finished, nada, I would get 500 errors and I verified that permissions were NOT a problem.

    the logs have:
    Premature end of script headers: /home/btcol/public_html/phpinfo.php

    the content of that file being <? phpinfo() ; ?>

    is there something I am missing in all this process?

    am I missing something in the httpd.conf perhaps?
     
  9. MeGaMASTER

    MeGaMASTER Well-Known Member

    Joined:
    May 24, 2003
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    I'm having the same problem. After upgrading from php 5.2.2 to 5.2.3 with phpsuexec, all my customers websites would display a 500 error as well as generate a core dump in their home directory. To resolve this, I had to use php 5.2.3 without phpsuexec. Anybody know how to fix this?
     
  10. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Have you tried long tags, ie:

    <?php phpinfo(); ?>
     
  11. Mykul31217

    Mykul31217 Member

    Joined:
    Aug 4, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Yes.... not with phpinfo, but with the id method to find out who is actually running the php scripts.

    <?php passthru("id"); ?>

    that does the exact same thing as the other
     
  12. Mykul31217

    Mykul31217 Member

    Joined:
    Aug 4, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I downgraded php to 5.2.2 and everything is working :)

    guess I will wait for 5.2.4 ;)
     
  13. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    This is actually an easy one !!!!!

    You might not be aware of this yet but PHP changed the name of the PHP binary called
    for phpSuExec and SuPHP as of version PHP v5.2.3

    The old name of the program was "php"

    The new name of the program is "php-cgi"

    When upgrading to PHP v5.2.3, you have to go into your httpd.conf file and update the
    handler filename from "php" to "php-cgi" for phpSuExec and, for those running SuPHP,
    you need to modify the suphp.conf file and change the name of the binary called by
    SuPHP from "php" to "php-cgi"

    For SuPHP: Config file is at /opt/suphp/etc/suphp.conf

    In both cases, it's a simple one line change and only takes a second to update.

    Once you update your system, you will stop getting the "Error 500" and "Incomplete Header"
    errors and your PHP will start working again and should run fine under PHP v5.2.3
     
Loading...

Share This Page