The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is phpsuexec even good?

Discussion in 'General Discussion' started by BeerUser, May 3, 2004.

  1. BeerUser

    BeerUser Active Member

    Joined:
    Apr 16, 2004
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Ok heres the deal,

    Once you run php as cgi and have phpsuexec enabled. All ifmodule php4 tags in your httpdconf file are ignored or not working anymore since php runs as cgi.

    The thing is using this way, every one will run as username/groupname instead of nobody and more easy to track down spammers etc

    BUT heres where I dont get it.

    Only way you cna turn off safe mode is by adding a tag to httpdconf file for each site but remember now it runs as cgi so all php tags in httpd conf dont work anymore.

    You have to put php.ini file with settings you want in each users root.

    I was thinking it was all okay as long as root can only make the php.ini work.. guess wrong.

    A user can just make a php.ini and put his settings in e.g openbase dir protection to nothing, safemode off etc etc.

    I hope I explained it correctly.. How to stop such a mess?? Possible to only allow php.ini rules to be read if file is under root owner instead of user owner??

    I can just image users doing what php configs they want by using the php.ini in their userroot and ignoreing your main server php.ini file.
     
    #1 BeerUser, May 3, 2004
    Last edited: May 3, 2004
  2. fishfreek

    fishfreek Well-Known Member

    Joined:
    Jan 2, 2004
    Messages:
    238
    Likes Received:
    0
    Trophy Points:
    16
    Cant they do that with phpsuexec disabled by putting php_value enteries in their .htaccess file?
     
  3. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Yes, PHP need to fix these issues one day:rolleyes:
     
  4. BeerUser

    BeerUser Active Member

    Joined:
    Apr 16, 2004
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    As far as I know people always said give it a try but most likely wont work, this was the reply to people asking about turning off safe mode with .htaccess
     
  5. alex042

    alex042 Well-Known Member

    Joined:
    Sep 13, 2003
    Messages:
    76
    Likes Received:
    0
    Trophy Points:
    6
    .htaccess can be controlled, i believe, within the php.ini file to allow or disallow certain access changes.
     

Share This Page