The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP suEXEC Support

Discussion in 'General Discussion' started by asmithjr, Dec 9, 2005.

  1. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    475
    Likes Received:
    1
    Trophy Points:
    18
    ok I admit, I have a server that is not using PHP suEXEC Support


    I want to enable it but am concerned because I have over 100 sites on the server functioning ok. WOW but a lot of directories and files with 777 permissions.

    find /home -perm 777 -type d
    find /home -perm 777 -type f

    Should I enable PHP suEXEC Support then

    find . -perm 777 -exec chmod 755 {} \;

    Is this wise or is it better to leave well enough alone?
     
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I'd email your users first, but there's nothing wrong with that as an idea.

    You may also want to ensure the directory is owned by the correct user, as if they created the directory from a script it'll be owned by nobody and they'll end up with no access to it at all.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Perhaps a safer way WRT ownerships and some of the permissions is to run:

    /scripts/chownpublichtmls
     
  4. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Isn't /scripts/chownpublichtmls going to break Apache access?

    /scripts/chownpublichtmls effectively chowns the public_html directories to the user's userid and group. However, the group on these directories is normally nobody with read permission only to group, viz:

    drwxr-x--- 5 winegl nobody 4096 Oct 5 11:35 winegl/public_html/
    drwxr-x--- 5 wisemon nobody 4096 Dec 8 13:48 wisemon/public_html/

    Apache runs as nobody, so wouldn't the ownership changes by that script totally prevent it accessing these directories? and thus prevent access to all user webpages? Or am I missing something?
     
  5. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    The exception is /home/user/public_html which remains user:nobody with 0701 permissions.
    The script changes the remaing files and directories to user:user if they had nobody anywhere in the permissions and changes any 0777 permissions to 0755.

    Here is an idea of what happens when running the script:

    # /scripts/chownpublichtmls
    Chowning user....Done
    Chowning user....Done
    (repeats the above response for every user in /home/user/
    Setting /home permissions to 0711......Done
    Setting permissions for.....user...user...(continues for every user).....Done

    #

    Thats it.
    :)
     
    #5 Izzee, Dec 11, 2005
    Last edited: Dec 12, 2005
  6. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    D'Oh ... sorry, for some reason I failed to see the last line of the script, which puts back the correct group on the public_html directories ... so no problem with using the script. Apologies for the aspersions Chirpy!
     
  7. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    475
    Likes Received:
    1
    Trophy Points:
    18
    Thanks for the posts.

    Now to get up the nerv to "Hit the Return Key".

    Last thing we need is a lot of issues.

    Anyone have an idea of how to backout if there are really bad issues? Or is the feeling that this is not going to cause that much trouble if I use the # /scripts/chownpublichtmls
     
  8. jackie46

    jackie46 BANNED

    Joined:
    Jul 25, 2005
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    0
    It doesnt matter if you back out. All files should be owned by user.user anyway so if you remove phpsuexec those perms should work properly.
     
  9. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    It's safe, it's an official cpanel script AND it's recommended by the Chirpy - can't get better than that!
     
  10. PDM

    PDM Active Member

    Joined:
    Jan 7, 2004
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Angel Fire, NM
    Will enabling suexec break scripts sending mail using this php code format?

    PHP:
    /* To send HTML mail, you can set the Content-type header. */
    $headers  "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "X-Priority: 1\n";
    $headers .= "X-MSMail-Priority: High\n";
    $headers .= "X-Mailer: php\n";
    $headers .= "From: \"".$senderfirstname."\" \"".$senderlastname."\" <".$senderemail.">\n";

    if (
    $toemail != ""
    mail($toemail$subject$message$headers);
     
  11. te2586

    te2586 Member

    Joined:
    Dec 19, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    phpsuexec and htaccess

    I've also seen it mentioned and in error logs, that switching a server over to phpsuexec breaks scripts that set php values in their .htaccess files. Does anyone know if there's an easy way around that or will I have to search out the htaccess files that make use of the php variable reassignments?
     
  12. myusername

    myusername Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    You can search for them, or maybe better yet wait for your user to submit a ticket on it and explain to them how to fix it. Eventually they are going to ask anyways...it is likely that a lot of the php values and flags you find are not being used anyway. Probably not worth doing it by hand unless you can come up with a one-liner for it.
     
    #12 myusername, Dec 13, 2005
    Last edited: Dec 13, 2005
  13. PDM

    PDM Active Member

    Joined:
    Jan 7, 2004
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Angel Fire, NM
    If I enable php suexec and recompile Apache with it how would I back out.

    Restore httpd.conf and restart apache?
     
  14. myusername

    myusername Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Yes, or just use /scripts/easyapache or whm and uncheck the php suexec option.
     
  15. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    I just need to correct some possible errors.

    1.
    @Albert
    find . -perm 777 -exec chmod 755 {} \;

    Should this not be?:

    find /home -perm 777 -exec chmod 755 {} \;

    as find . is looking for directories with a .name extension, it seems.

    Example after running (but stopping quickly) the original command:
    chmod: failed to get attributes of `./etc/rc.d/rc0.d/K25sshd-keygen': No such file or directory
    chmod: failed to get attributes of `./etc/rc.d/rc0.d/K85courier-authlib': No such file or directory
    chmod: failed to get attributes of `./etc/rc.d/rc0.d/K30courier-imap': No such file or directory
    ETC. ETC.

    2.
    I checked several of my clients with known php scripts running and found many directories with 0777 permissions and a couple of files. This was after running:
    /scripts/chownpublichtmls

    So my conclusion is that the above script does not chmod 0777 to 0755 as I stated in my previous post above.

    I used Albert's find /home to see which files and directories were wrong and then issued:
    find /home -perm 777 -exec chmod 755 {} \;

    Then I checked again with the find /home command and all seemed to be have been changed as expected.
    :)
     
    #15 Izzee, Dec 16, 2005
    Last edited: Dec 16, 2005
  16. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    No, the original find was more or less correct. A smarter version would be:

    Code:
    find . -perm -2 -print | xargs chmod o-w /home
    This finds all files under the current directory (you can replace . with /home if you like, /home is probably a little safer) that have write permission to other (ie all) and then removes that write permission. The xargs command is a faster way of running commands from find, it bunches up a whole lot of files and only runs chmod on groups of filenames rather than once per filename. The "/home" on the end after the xargs can be left out (or replaced with any other directory you don't mind removing other write from), it's just to avoid a possible phantom error from chmod.

    If you want something that copes with spaces in filenames, try this:

    Code:
    find /home -perm -2 -print0 | xargs -0 chmod o-w /home
     
  17. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    A script like that should work with phpsuxec/suexec on, just the email will now be identified as coming from that user rather than the horribly untraceable "nobody" user.
     
  18. greetingsc

    greetingsc Active Member

    Joined:
    May 18, 2004
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    ExecGI Problem

    Hi All,

    I just installed phpsuexec and after all sites go down. After checking permissions a couple times I checked the logs and it was saying ExecCGI wasn't enabled. Is it normal to have to add Options +ExecCGI to the public_html folder for sites where php files aren't in the cgi-bin?

    Thanks for the help,
    Michael
     
  19. myusername

    myusername Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Its faster just to run php in the scgi bin if you want to run php from the cgi-bin but you should not need to enable that for php to run outside of it with phpsuexec, if I understood the question.
     
  20. greetingsc

    greetingsc Active Member

    Joined:
    May 18, 2004
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    myusername - I am not going to be switching the files structure into the cgi-bin now, but that is an excellent suggestion.

    My problem is I did have add a .htaccess file to each domain using php and add Options +ExecCGI for an php file to run. Does anyone have an idea what the problem could be?

    MC
     
Loading...

Share This Page