The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php running as "nobody" giving me problems

Discussion in 'General Discussion' started by fuzzymonkey, Oct 10, 2005.

  1. fuzzymonkey

    fuzzymonkey Well-Known Member

    Joined:
    Jun 11, 2004
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    There are 2 problems that I'm experiencing that I think are derived from the fact that php scripts run as the user "nobody" on my server.

    1. Mail sent from php scripts does not count toward the user's bandwidth usage or show up in the mail statistics.
    2. Files uploaded from php scripts are owned by "nobody," so they aren't counted in the user's quota. Today I found a user with 4 Gigs on his 100 meg account because of this.

    Right now I have the php mail function disabled to get around #2. How can I configure php such that users can still send email without getting around their bandwidth limitations and also so that I can keep an eye out for possible spammers? I'd love to get php scripts to run as the system user in question. It seems this would solve all my problems.
     
    #1 fuzzymonkey, Oct 10, 2005
    Last edited: Oct 10, 2005
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    You need to recompile Apache with Phpsuexec.
     
  3. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    ... and then welcome to the world of a whole set of new/different problems. ;)
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed, but it does get rid of the worst of the poor php implementation in apache and makes things more secure and, importantly, traceable.
     
  5. fuzzymonkey

    fuzzymonkey Well-Known Member

    Joined:
    Jun 11, 2004
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Sounds fantastic! What problems does this bring about though?

    Also, I'm reading something about a patch to suexec that is needed to support php? what is this and where do I get it? Is there a how-to somewhere?
     
    #5 fuzzymonkey, Oct 12, 2005
    Last edited: Oct 12, 2005
  6. fuzzymonkey

    fuzzymonkey Well-Known Member

    Joined:
    Jun 11, 2004
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    just an update - I used easyapache to get it working. Thanks!
     
  7. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    836
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    AFAIK, just the ownership and perms of user's scripts gets a bit more important, and any images/files uploaded via php script while running as nobody, will have to be chowned to the actual user now, so that they can be deleted/edited by scripts now running as user and not nobody...

    I'd love to hear from someone with more knowledge than me on this though, as it's a move I've been a little afraid to take, until I have the free time to sort out any problems switching to Phpsuexec might rasie.
     
  8. AlaskanWolf

    AlaskanWolf Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Fremont CA
    once you install phpsuexec, there are still customers scripts trying to send out emails as nobody, how can you fix this
     
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Make sure that there are no php scripts with the nobody:nobody file ownership.
     
  10. beetleman

    beetleman Registered

    Joined:
    Nov 13, 2005
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Funny, cause the files aren't owned by nobody, they are owned by the the system.

    The system is considered somebody in this instance and the system can manipulate the files and directories that it owns.

    Just thought I'd throw my 2 cents in.

    beetleman
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I'm not sure I understand your post.nobody is a real unix user and the one under which apache runs. In unix context there's no such thing as "being owned by the system", files are owned by unix accounts that appear (usually) in /etc/passwd, one of which is the account and group called nobody.
     
  12. SubZero

    SubZero Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Balmumcu, Istanbul, TR
    Hi,

    I need to use one site with mod_php and the rest (others) with phpsuexec. How do I make this configuration to work? Any details?

    I have one site that spikes the hosts load to 40~50's with PHPSuExec but the rest of them are just simple stuff. Any deas?
     
  13. neo4242002

    neo4242002 Well-Known Member

    Joined:
    Jun 28, 2005
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    If I enable PHPSuExec in my server will I require to change all my php files by adding #!/usr/local/bin/php or something similar.. just cant remember who told me that :confused:
     
  14. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    AFAIK, you cannot do that, it's either one or the other, though I could well be wrong.

    No.
     
  15. neo4242002

    neo4242002 Well-Known Member

    Joined:
    Jun 28, 2005
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    php as CGI

    What about “php as CGI” is it a different story? How do find whether my php build as a CGI or Apache module
     
  16. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    PHP as CGI is what phpsuexec is.
     
  17. neo4242002

    neo4242002 Well-Known Member

    Joined:
    Jun 28, 2005
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
  18. networxhosting

    networxhosting Well-Known Member
    PartnerNOC

    Joined:
    Apr 22, 2003
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hamilton, Ontario, CANADA
    I beleive what the phpsuexec wrapper actually does is prepend #!/usr/bin/php automagically to each request, so no modification is required
     
  19. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    When Phpsuexec enabled, you don't need to modify your Php scripts, not even using #!/usr/bin/php syntax. You also need to know that you can't change the permission on any of your scripts and/or directories to 777.
     
  20. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed. That page is talking about php shell scripts, which is when you should put the shebang line in to the interpreter.
     
Loading...

Share This Page