Select or Not Select PHP SuExec Support, that's the question...

Discussion in 'General Discussion' started by Hueznar, Jun 9, 2004.

  1. Hueznar

    Can anybody help me?

    I haven't updated cPanel yet because I'm not sure if I must check the PHP SuExec checkbox before rebuilding Apache. Is it necessary to correct the bug? The last time I compiled Apache with suexec support, many PHP scripts failed and didn't work, and .htaccess PHP flags were ignored.

    Please tell me if compiling Apache following the cPanel instructions (without PHP suexec support) will fix the security issue, or if I am obligated to select PHP SuExec.

    Thanks a lot for your nice help.
     
  2. icanectc

    You don't have to select PHP SuEXEC if you don't want to. I would recommend running PHP SuEXEC for security purposes, but it is not required to correct the current vuln.
     
  3. eth00

    The bug was not selecting it, and as long as you run at least current you are fine. The only version that has trouble is stable right now. I would suggest upgrading to release/current, then running easyapache and adding support if you use or want it.
     
  4. Hueznar

    OK, thank you very much for your help. ...I have read thousands of posts trying to know if it was strictly necessary to select PHP suexec support, but when I tested it last time, I discovered that many PHP scripts were failing, and .htaccess PHP flags were ignored with PHP suexec support enabled.

    Apart from this, do you know more "restrictions" if I select PHP suexec support instead of not selecting it?

    Exactly, what's the difference between using or not using it?

    I know PHP SuExec support runs scripts under the user ID, but what kind of possible problems will I have if I don't use it?

    Thank you again for your help.
     
  5. eurorocco

    phpsuexec or not?

    NOT! Forget about PHPSUEXEC!

    Don't even waste your time there.

    PHP is PHP. Perl is Perl. CGI is CGI. And PHP will just be user nobody and group nobody running on your computer.

    I tried PHPSUEXEC and it created quite a mess. It seems PHP is okay for mundane and civilian purposes as-is.

    ER

    Now, suexec (for cgi-bin, like Perl) is a must and is hunky-dory. Suexec and PHPsuexec are different, as you must already know.
     
  6. chirpy

    I can't agree less. We have phpsuexec running on all of our servers and never had a problem with any customer - you just have to make sure that you have your file ownerships and permissions correct.
     
  7. eurorocco

    OK! I'll give it a second look.

    Having phpsuexec working well would reduce the risk of security and privacy breaches considerably.

    Thanks for replying in favor of phpsuexec with such conviction. I needed someone really stating firm results to go deeper into this issue.

    I'll have a second look since I really hate to see all php scripts running like user nobody and group nobody.

    ER
     
  8. chirpy

    Having used suexec for so many years, I think it's only sensible security to run phpsuexec these days. I understand that phpsuexec was flawed at its introduction.

    The number of threads on here with people asking about all the spam emails from nobody has convinced me that any pain in running it outweighs the risks of not.

    There is also an alternative that some use called suphp:
    http://www.suphp.org/Home.html

    Never needed to try it myself.
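
The file ownership, permission and .htaccess problems raised in this thread can be checked before switching PHP to suEXEC. The audit below is an added example, not code from any poster or from cPanel; it assumes the standard Apache suEXEC rules (script and its directory owned by the account user and not writable by group or other) and that `php_flag`/`php_value` lines are mod_php directives that do not take effect once PHP runs as CGI. `audit_docroot`, `build_sample_tree` and the sample files are hypothetical names constructed for illustration.

```python
import os
import re
import stat
import tempfile

# mod_php directives; assumed not to take effect once PHP runs as CGI under suEXEC
PHP_DIRECTIVE = re.compile(r"^\s*php_(?:admin_)?(?:flag|value)\b", re.IGNORECASE)
LOOSE = stat.S_IWGRP | stat.S_IWOTH  # writable by group or other

def audit_docroot(docroot, owner_uid):
    """Return sorted (path, problem) pairs likely to break PHP under suEXEC."""
    findings = []
    def check(path, kind):
        st = os.lstat(path)
        if st.st_mode & LOOSE:
            findings.append((path, f"{kind} writable by group/other"))
        if st.st_uid != owner_uid:
            findings.append((path, f"{kind} not owned by account user"))
    for dirpath, _dirs, filenames in os.walk(docroot):
        check(dirpath, "directory")
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.endswith(".php") and not os.path.islink(path):
                check(path, "script")
            elif name == ".htaccess":
                with open(path, errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if PHP_DIRECTIVE.match(line):
                            findings.append((path, f"line {lineno}: {line.strip()}"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample docroot: clean script, loose script, .htaccess."""
    os.chmod(root, 0o755)
    for name, mode, body in [
        ("index.php", 0o644, "<?php echo 'ok';\n"),
        ("upload.php", 0o666, "<?php echo 'loose';\n"),
        (".htaccess", 0o644, "Options -Indexes\nphp_flag register_globals off\n"),
    ]:
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for path, problem in audit_docroot(root, os.getuid()):
            print(f"{os.path.relpath(path, root)}: {problem}")
```

Run it against each account's document root with that account's numeric UID; an empty result means none of the checked conditions were found.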
     