forbid php for some accounts

Discussion in 'General Discussion' started by forquato, Aug 29, 2009.

  1. forquato

    Hello,

    Does anyone know how to forbid PHP for some customers?

    Thx
     
  2. Spiral

    I am not certain why you would want to do this but yes you can do that ...

    I would recommend that you run SuPHP for your PHP as you will have more
    control over things like this on a per account basis than you would if the
    whole server were running PHP directly as an Apache module.

    Basically in a nutshell, you can remove the handler and restrict the commands
    to re-add it again from the virtualhost configs or you can just disable it
    from a custom PHP config for the site.
     
  3. forquato

    Thank you. That was only a question. I'm not sure as well :)

    But it needs much more memory, right?
    What is with suExec? My Apache PHP5 handler is DSO.
    Do you mean that the PHP handler could be suPHP?
     


    #3 forquato, Aug 30, 2009
    Last edited: Aug 30, 2009
  4. Spiral

    SuPHP? No, its memory requirements are roughly about the same as DSO.

    And set up correctly, there really are not any significant performance differences either, but the security advantages of running SuPHP are enormous!

    SuExec, not to be confused with phpSuExec, does for regular CGI scripts
    (IE: Perl) much the same that SuPHP does for PHP scripts, namely in
    shifting executions away from the generic "nobody" user.

    Yes, you would no longer have the normal Apache PHP module but would instead configure your server to use the SuPHP module, which unknown to many people is also a standard Apache DSO module as well, but that is where the similarities end.

    PHP : Apache Module (DSO) - Direct executions of PHP scripts from Apache module run insecurely as user "nobody"

    PHP : phpSuExec (CGI) - Scripts are piped through an external PHP interpreter via CGI calls to the CGI version of PHP and the script is run with the security levels and identity of the script owner.

    PHP : SuPHP (DSO / CGI) - A native Apache module handles PHP processing in Apache like normal DSO (Apache module) PHP but unlike that kind of PHP, it makes the external CGI calls like phpSuExec (CGI) also run as the owner of the script. SuPHP is basically a hybrid of the technologies but allows for the best parts of both regular PHP Apache module with better than the security advantages brought to the table with phpSuExec. Since the base calls are handled by a specialized DSO module, performance is substantially better than what you find with phpSuExec or other CGI based executions and very comparable to direct DSO support.
     
  5. forquato

    Thank You.
    I will try SUPHP on my Server.
     
  6. forquato

    Okay, I installed SuPHP, but now no PHP scripts work at all.

    I get 500 Internal Server Error whenever I run PHP.

    How can I solve this problem?


     
  7. Spiral

    You will get error 500 if you have any of the following conditions:

    1. Scripts not owned by account owner (IE: should not be nobody or root)

    2. You have a .htaccess file with "php_flag" or "php_admin" commands

    3. The PHP scripts are permission 666 or 777 or are located under a folder
    with those permissions (THIS IS NOT ALLOWED NOR NEEDED WITH SUPHP)

    Incidentally, I have a script that will correct all of the above for the entire server all at once. ;)
     
  8. forquato

    Would you be so kind as to give me that script? :)
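
A read-only audit for the three error-500 conditions listed in post #7, as an added example that is not part of the thread and is not Spiral's script. The function name `audit_docroot` and the command-line form are assumptions; it reports problems without changing anything, flags any mode with the world-write bit set (which covers 666 and 777), and also matches `php_value`, a mod_php directive the post does not name.

```python
import os
import re
import stat

# php_flag and php_admin_* come from the post; php_value is added here
# because it is also a mod_php directive.
MOD_PHP_DIRECTIVE = re.compile(r"^\s*(php_flag|php_value|php_admin_\w+)\b", re.IGNORECASE)


def audit_docroot(docroot, expected_uid):
    """Return sorted (path, problem) pairs for the three conditions; read-only."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        # Condition 3 (folders): a world-writable directory holding scripts.
        if stat.S_IMODE(os.stat(dirpath).st_mode) & stat.S_IWOTH:
            findings.append((dirpath, "world-writable directory"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            if name.lower().endswith(".php"):
                # Condition 1: script not owned by the account owner.
                if st.st_uid != expected_uid:
                    findings.append((path, "owner uid %d, expected %d" % (st.st_uid, expected_uid)))
                # Condition 3 (files): world-writable script.
                if stat.S_IMODE(st.st_mode) & stat.S_IWOTH:
                    findings.append((path, "world-writable script"))
            elif name == ".htaccess":
                # Condition 2: mod_php directives left in .htaccess.
                with open(path, errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if MOD_PHP_DIRECTIVE.match(line):
                            findings.append((path, "line %d: %s" % (lineno, line.strip())))
    return sorted(findings)


if __name__ == "__main__":
    import pwd
    import sys
    # Usage (assumed form): audit.py ACCOUNT_USER DOCROOT
    user, root = sys.argv[1], sys.argv[2]
    for path, problem in audit_docroot(root, pwd.getpwnam(user).pw_uid):
        print("%s: %s" % (path, problem))
```

Run it once per account against that account's document root and review the output before changing ownership or modes.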
     