PHP suEXEC Support security question

Discussion in 'Security' started by equens, Jun 6, 2004.

  1. equens

    How dangerous is it not to install the PHP suEXEC Support? I have updated Apache with PHP suEXEC Support and I have encountered some problems. One of them is that when suEXEC is installed, the addon domain doesn't work. I try to visit a simple index.php and the server returns a 505 error.

    I think this is a problem of permissions. Do you think that with 755 permissions the problem goes away? Thanks!
     
    #1 equens, Jun 6, 2004
    Last edited: Jun 6, 2004
  2. fishfreek

    IMO there are no security issues with running phpsuexec. In fact, this forces PHP to run as CGI, so it runs under the permissions of the account user vs. running as the user nobody.

    This makes it easier to track down who's running what.

    Incorrect permissions can cause the 500 error as you describe. Also, having php_value amounts in a .htaccess file will do this as well.
     
  3. Hueznar

    But if I select PHP SuExec support, some PHP session headers in .htaccess will not work, so I can't install suexec support. I don't know whether, NOT installing SuExec Support and upgrading to the latest cPanel release, I will be as secure as having suexec support installed.

    Comments?
     
  4. Faldran

    You must change the php_value settings from the .htaccess ones to a php.ini with those settings in it.

    Small trade off for php+suexec
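
An added example, not part of any post in this thread and not cPanel's own code: a pre-flight check for the two causes of the 500 error named above (php_value lines in .htaccess and incorrect permissions), which also produces the php.ini lines to move the settings into. The function names and the two PHP settings in the sample are constructed, and the permission test assumes the standard Apache suEXEC rule that a script and its directory must not be writable by group or others.

```python
import os
import re
import stat

# php_value / php_flag are mod_php directives; with PHP running as CGI under
# suEXEC, Apache does not recognise them in .htaccess (the 500 error above).
PHP_DIRECTIVE = re.compile(r"^\s*(php_value|php_flag)\s+(\S+)\s+(.*?)\s*$", re.I)

# Constructed sample: Auth lines as quoted in the thread plus two made-up PHP settings.
SAMPLE_HTACCESS = """AuthType Basic
AuthName "CTI"
require valid-user
php_value session.gc_maxlifetime 3600
php_flag session.use_trans_sid off
"""

def split_htaccess(text):
    """Return (htaccess_without_php_lines, php_ini_text)."""
    kept, ini = [], []
    for line in text.splitlines():
        m = PHP_DIRECTIVE.match(line)
        if not m:
            kept.append(line)  # non-PHP directives are left where they are
            continue
        kind, name, value = m.groups()
        value = value.strip("\"'")
        if kind.lower() == "php_flag":
            value = "On" if value.lower() in ("1", "on", "true", "yes") else "Off"
        elif not re.fullmatch(r"[\w.-]+", value):
            value = '"%s"' % value  # quote paths and strings for php.ini
        ini.append("%s = %s" % (name, value))
    return "\n".join(kept) + "\n", "\n".join(ini) + "\n"

def audit(docroot):
    """List (path, problem) pairs likely to produce a 500 under suEXEC."""
    findings = []
    for root, dirs, files in os.walk(docroot):
        for name in sorted(dirs + files):
            path = os.path.join(root, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about its target
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "writable by group/others (mode %o)" % stat.S_IMODE(st.st_mode)))
            if name == ".htaccess":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if split_htaccess(fh.read())[1].strip():
                        findings.append((path, "php_value/php_flag present"))
    return findings
```

Mode 755 passes the permission test and 777 or 666 does not; `audit()` checks everything below the directory it is given, not that directory itself.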
     
  5. Hueznar

    Errr..., I'm not sure I understand you.

    You say to remove the .htaccess php_values and create a php.ini? ...in the user's account folder with these values? :?

    For example, I have the following code in .htaccess file:

        AuthType Basic
        AuthName "CTI"
        AuthUserFile "/home/wcnt1033/.htpasswds/cti/passwd"
        require valid-user


    ...if I compile Apache with PHP suEXEC support, the code doesn't work. It is ignored.

    Tell me how to solve this with PHP suEXEC support enabled.

    (My English level is low.)

    Thank you sincerely for all your help
     
  6. The MAzTER
