The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Question]suExec effect?

Discussion in 'General Discussion' started by finly, Sep 26, 2007.

  1. finly

    finly Member

    Joined:
    Apr 5, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    Currently I have suExec disable in my server.
    All runs well until one of my clients do Joomla installation manually.
    It gives him all the folders unwritable. And should be chmod-ed to 777.
    He asked me to turn on suexec.

    If I turn on/enable suexec, what will happen with my other clients? Will there any errors with others clients folders?

    I see in other post the common problem is will give 500 Internal error?

    What should I do, if I will have this problem?

    Thank you for your answers.

    Regards,

    FinLy
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Enabling suexec will only affect CGI scripts (typically perl) not PHP scripts. Or did you mean phpsuexec? If so, then with phpsuexec enabled you need to ensure that the php scripts are owned by the account (not "nobody") and the scripts and the directories they are in do not have world write or execute permissions enabled on them.
     
  3. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    FYI, read about PhpSuexec and Suexec: http://servertune.com/kbase/entry/46/
     
  4. finly

    finly Member

    Joined:
    Apr 5, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    phpsuexec

    Thank you Chirpy, Great answer and I just realized, you are right. What I meant is phpSuexec. Will this give me errors for my other clients (let's say if they have 777 permission in their folder) ?

    Which is better, to turn this on or off?

    Thank you again.

    FinLy
     
  5. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Indeed if your client PHP files are 755 or 777 they are not going to work after you turn on phpsuexec. Some planning should be done before enabling phpsuexec because of that. In a phpsuexec environment, php files usually are chmod 644. And like Chirpy said, the files need to be owned by the account user (and not 'nobody') and that the directories are not chmod 777 and that the public_html directory itself is chmod 750 or 755.

    With that said, I wouldn't run a server without phpsuexec (i'm still on apache 1.3.xx). Somewhere on these forums you can probably find a script that somebody probably has written up which would change any .php files with incorrect permissions to the correct permissions. Might want to do a search for that.

    Again though, if you have a lot of customer sites with PHP and CGIs active that they installed, you're likely going to have some support issues. So do your homework beforehand.

    Mike
     
  6. finly

    finly Member

    Joined:
    Apr 5, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Hello Mike,

    Thank you for your reply. I appreciate it so much.

    If I catch your post well, it means in phpsuexec environtment, Folders should be 755 and files 644, right?

    Btw, how about some scripts, let's say WHMCS, when we want to install it, it says some folders/files should be chmod-ed to 777 . Will this then work in phpsuexec environtment?
    Also how about other scripts that sometimes need 777 ?

    Could you please tell me what "homework"/preparation, I should do before turn phpsuexec on?

    Thank you.

    Best Regards,

    FinLy
     
  7. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Homework/Preparation: Although this may be difficult depending on the number of accounts you have, if you have Fantistico installed you should check and see what customers of yours have Fantastico scripts installed and note those accounts. You should see which customers have the addon scripts installed that come with Cpanel like the ones you can install within cpanel (phpbb, etc.). You should try to browse some of your customer websites and see what type of software they are running - try to determine which ones may be more effected by the change than others. And also, just be prepared for support problems. I mean nothing is painless, and changing to phpsuexec may nto be painless, especially if you have a lot of sites/accounts on the server. But on Apache 1.3.xx, phpsuexec is definitely the wise choice, along with safe mode off and disabling of various functions in PHP and securing and hardening /tmp so that you can minimize the likelihood that a poorly written script can be exploited and take out your whole server.

    Most likely the biggest problems would arise from customers of yours who have installed their own PHP scripts/applications and their own CGIs and have developed their own websites in PHP. Because those are the ones who could run into problems.

    When you turn phpsuexec on, I wonder if Cpanel automatically goes through and changes the permissions of php files. I'm not sure. I cannot guarantee this. But I can say that I did not always run phpsuexec. When I compiled in phpsuexec support, I didn't have to change anything on my customer's sites for them to work. But then again, at the time I only had about 10-15 sites, and not all of them were PHP sites.

    As far as scripts that 'require' chmod 777 in a phpsuexec environment, there are probably very very few. The biggest reason that people used to have to chmod files and folders to 777 is so that the 'nobody' user that Apache would run under could create/modify files in those directories - By default, a customer accoutn's web files are automatically owned by the user (and not nobody). So 'nobody' would not have permission to write to those directories unless a person chmod'd the directory or file 777. With phpsuexec ON, the PHP and CGI scripts are run _as_that_user_ - instead of being run as 'nobody'. So many would not have to be chmod'd 777 any longer just to allow 'nobody' to write to them. And since the files are owned by the user and the CGI and PHP files are run as that user, chmod 777 isn't necessary to the extent that it used to be... and in fact, if you try to pull up a .php page that is chmod 755 or chmod 777 with phpsuexec on, you'll get a server error.

    Mike


     
  8. finly

    finly Member

    Joined:
    Apr 5, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Hello mtindor,

    Thank you very much for your great reply. I will consider it.

    Best Regards,

    FinLy
     
Loading...

Share This Page