The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

suPHP

Discussion in 'General Discussion' started by rmj, Feb 14, 2006.

  1. rmj

    rmj Member

    Joined:
    Feb 20, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    suPHP seems to be maturing quite nicely. I was wondering if cPanel is considering or planning as adding it as an option as an option vs phpsuexec.

    Any discussion is welcome as well.

    For those of you who are unaware what I am talking about, the website can be located here

    http://www.suphp.org


    Thanks in advance.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You'd have to ask cPanel directly. Since phpsuexec is providing the protection/options required at present I wouldn't have thought they'd be looking at alternatives, but you never know.
     
  3. jack01

    jack01 Well-Known Member

    Joined:
    Jul 21, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    According to a programmer at ModernBill, phpsuexec reached it End of Life (EOL) in 2004, and he reckons that suphp is better anyway (don't ask me why) ..... It seems to me that it would be good at least to have the version that had not reached its end of life and is still being developed (i.e. suphp) available in cPanel - as an option.

    Any comments or experiences with suphp v phpsuexec?
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    cPanel have said that they'll continue to support phpsuexec for as long as it's needed in the apache v1.3 environment themselves. I'm not aware of any specific bugs in phpsuexec, so there doesn't seem to be a particular need to recode away from it, IMO. The only major "feature" when using phpsuexec is with HTTP_AUTH environment variables, but there are workarounds for that.

    Of course, ideally, the php developers would pull their fingers out and develop a security model of their own for shared hosting environments which have got to be a major proportion of the users of php, but I haven't seen any indication that they're going to address that failing.
     
  5. jack01

    jack01 Well-Known Member

    Joined:
    Jul 21, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    I hear you and heartily concur since this would happen to suit my purpose.

    However I guess it's also the case that server security ideally should not be so reliant on PHP-level solutions, whether produced by the PHP team or 3rd parties. I think virtual 'shared' hosting and the way it seems to have evolved is simply not ideal. (most probably you know this from experience better than me anyway Chirpy). :)

    I personally wasn't disputing the stability or usability of phpsuexec, I currently use it on all my servers. I was just concerned about future-ability, and also like the thread starter, whether there were any comments forthcoming regarding the merits of suphp v phpsuexec.
     
    #5 jack01, Mar 6, 2006
    Last edited: Mar 6, 2006
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    suPHP does have some features that I do like over phpSuExec. However, you also need to do a lot of patching and fixing of the suPHP code to really get it to work. I am testing a suPHP set up on one of our newer servers to see if there are any issues. The main feature in suPHP that I really like is the ability to add a suPHP_ConfigPath to a VirtualHost entry in the httpd.conf file. This means that you as a server administrator can control custom php.ini directives per account. The phpSuExec solution is to read the php.ini file that is in the same directory as the PHP script. This can be a hassle if you have one account that wants to have register_globals enabled on their account, but you do not want to enable it server-wide. With phpSuExec, you have to include a customized php.ini file that has register_globals enabled and place that file in every directory on the account. With suPHP, you simply create one instance of the modified php.ini file and then use a suPHP_ConfigPath directive in the httpd.conf file and then all requests for that VirtualHost use that customized php.ini file.

    However, the main issue involving using suPHP is the fact that you have to include the suPHP_UserGroup directive for each VirtualHost. You can accomplish this by editing the default VirtualHost template, but this will be overwritten whenever you update CPanel. Ultimately I think there needs to be some degree of allowing a customizable VirtualHost template, so that suPHP will automatically work on new accounts.

    There is a Bugzilla enhancement request for this (Customizable VirtualHost Templates) at:

    http://bugzilla.cpanel.net/show_bug.cgi?id=3209

    Unless the CPanel developers want to incorporate some of suPHP functionality into phpSuExec, then I would think that allowing Customizable VirtualHost Templates would be the first step needed to really start any type of community involvement with CPanel and suPHP.
     
  7. jack01

    jack01 Well-Known Member

    Joined:
    Jul 21, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    yes, I really WOULD love to be able to more easily configure on a per domain / virtual host basis. I wonder why phpsuexec was ever designed with such an awkward php.ini system :confused:, especially when contrasted with the realtive elegance of php_value or php_admin_value of mod_php ... bah.
     
  8. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    There is also a Bugzilla enhancement request for a better php.ini solution when using phpSuExec. The request is at:

    http://bugzilla.cpanel.net/show_bug.cgi?id=3756

    Concerning the use of php_flag directives in the .htaccess file. This really isn't possible when using PHP as CGI, such as the case when using phpSuExec or suPHP. This is because the .htaccess file is part of the Apache model and when you run PHP as CGI, the PHP code is not executed under the Apache model, so it does not recognize the .htaccess file.
     
  9. jack01

    jack01 Well-Known Member

    Joined:
    Jul 21, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for the bugzilla link.

    I already knew that, i was just referring to the contrast in methods, i.e the relative simplicity of one file (.htaccess) heirachically affecting all lower directories etc.
     
Loading...

Share This Page