The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Question about suPHP and Cgi Mode

Discussion in 'General Discussion' started by noimad1, Jun 12, 2009.

  1. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    It is my understanding that suPHP forces php scripts to run as the user right?

    However, does this mean that we have to run php5 in cgi mode for the processes to show as the user?

    The reason I ask is I have php5 running suPHP, but in dso mode, and the php processes are still showing as "nobody". Do I have to turn on cgi mode as well?
     
  2. StingRay2k01

    StingRay2k01 Active Member

    Joined:
    Jun 15, 2003
    Messages:
    31
    Likes Received:
    1
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I would just say "yes" but apparently you have to post at least 10 chars. So now I have two sentences instead!
     
  3. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I have been using SuPHP for a number of years now even back when phpSuExec
    was still popular and was the only thing most people knew about despite the
    general securitymess phpSuExec was making of things at the time under the
    delusion of helping security. Unlike phpSuExec, SuPHP really does help in terms
    of your general security and being able to track user script execution better.

    Anyway, to answer your question and so you know how suPHP functions ...

    1. PHP itself has to be compiled as a CGI in order to be linked to SuPHP.

    2. SuPHP itself is an Apache DSO module that **CALLS** the PHP CGI binary
    and executes it which the owner and permissions of the account from
    where the PHP script is being executed.

    So know you understand a little more how SuPHP functions. It is an Apache
    module that calls the PHP CGI binary usually located at /usr/local/bin/php-cgi.
    The PHP portion is run as a CGI binary and is **NOT** an Apache module!

    (Side Note: I don't recommend FastCGI for servers running SuPHP)

    Configured properly, SuPHP will give you a great boost in security and
    allow you to more closely monitor script executions and keep log records
    that trace back to account origins plus users will be better restricted
    to their own accounts and not so easily wander into other user's accounts.
     
    #3 Spiral, Jun 13, 2009
    Last edited: Jun 13, 2009
Loading...

Share This Page