Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Question about suPHP and Cgi Mode

Discussion in 'General Discussion' started by noimad1, Jun 12, 2009.

  1. noimad1

    noimad1 Well-Known Member

    Mar 27, 2003
    Likes Received:
    Trophy Points:
    It is my understanding that suPHP forces php scripts to run as the user right?

    However, does this mean that we have to run php5 in cgi mode for the processes to show as the user?

    The reason I ask is I have php5 running suPHP, but in dso mode, and the php processes are still showing as "nobody". Do I have to turn on cgi mode as well?
  2. StingRay2k01

    StingRay2k01 Active Member

    Jun 15, 2003
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    I would just say "yes" but apparently you have to post at least 10 chars. So now I have two sentences instead!
  3. Spiral

    Spiral BANNED

    Jun 24, 2005
    Likes Received:
    Trophy Points:
    I have been using SuPHP for a number of years now even back when phpSuExec
    was still popular and was the only thing most people knew about despite the
    general securitymess phpSuExec was making of things at the time under the
    delusion of helping security. Unlike phpSuExec, SuPHP really does help in terms
    of your general security and being able to track user script execution better.

    Anyway, to answer your question and so you know how suPHP functions ...

    1. PHP itself has to be compiled as a CGI in order to be linked to SuPHP.

    2. SuPHP itself is an Apache DSO module that **CALLS** the PHP CGI binary
    and executes it which the owner and permissions of the account from
    where the PHP script is being executed.

    So know you understand a little more how SuPHP functions. It is an Apache
    module that calls the PHP CGI binary usually located at /usr/local/bin/php-cgi.
    The PHP portion is run as a CGI binary and is **NOT** an Apache module!

    (Side Note: I don't recommend FastCGI for servers running SuPHP)

    Configured properly, SuPHP will give you a great boost in security and
    allow you to more closely monitor script executions and keep log records
    that trace back to account origins plus users will be better restricted
    to their own accounts and not so easily wander into other user's accounts.
    #3 Spiral, Jun 13, 2009
    Last edited: Jun 13, 2009

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice