The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

To phpsuexec or not to phpsuexec?

Discussion in 'General Discussion' started by nothsa, Nov 18, 2005.

  1. nothsa

    nothsa Well-Known Member

    Joined:
    Nov 30, 2004
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    Hi all. I've done some research and am aware of all the benefits of it and am interested in changing to it, mainly so I know which user is running a PHP script. What I'm not aware of is any potential problems.

    I keep finding threads on forums where a few users will cite all the good things about it, and eventually someone(s) will come along and say how it's the worst coding invention ever and cites problems and everything it breaks, and then some people will debunk what he says and other will validate it.

    Can anyone tell me any potential problems that I might run into using phpsuexec and CGI PHP instead of running mod_php?
     
  2. Aric1

    Aric1 Well-Known Member

    Joined:
    Oct 15, 2003
    Messages:
    324
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    A couple of downsides:

    1) If you have users on this server already, they're going to have scripts "break" since 777 permissions are not permitted (755 is max) and no PHP values can be put in .htaccess (php.ini must be used instead).
    2) Slower and more load intensive PHP
     
  3. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    With phpsuexec enabled, PHP scripts must obey the same sets of conditions that apply to other CGI scripts. With this in mind, you shouldn't encounter any problems.

    The golden rules to which you must adhere are:

    1. Ensure script permissions are correct
    Any script that is world-writable (i.e. permissions with XXX7) will not execute. Neither will they execute from a directory that has such permissions.

    The maximum workable permissions are 0755 for both directories and scripts.

    2. Ensure ownership of files is correct.
    Directories (not including the public_html directory) and files must be owned by user:user not nobody:nobody. In general most scripts would be already owned by user:user, however files created by PHP may have different ownership.

    3. Ensure scripts are uploaded in ASCII not binary mode
    They may become corrupt during upload and hence fail to work. This should only affect incorrectly uploaded scripts after the changeover.

    You will encounter an HTTP 500 (Internal server error) due to not following these rules.

    Try checking for and changing the permissions and ownership of existing scripts and directories beforehand and make your users aware of those three rules well before you make the changes.

    Everything should then go smoothly.
     
  4. nothsa

    nothsa Well-Known Member

    Joined:
    Nov 30, 2004
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    Aric1

    #1: Do people usually chmod their php scripts to 777? I've never done it and I don't think any of my users have done it, and none of them use php values in .htaccess, so I should be OK there.

    #2: I've heard the slowdown is barely noticeable and it takes the load off of Apache so if a bad script is running, Apache is still able to serve up pages 'cause it isn't bogged down by the bad script. Is this true?
     
    #4 nothsa, Nov 18, 2005
    Last edited: Nov 18, 2005
  5. nothsa

    nothsa Well-Known Member

    Joined:
    Nov 30, 2004
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    webignition

    Hmmm... My users might have some scripts in world-writable directories. Thanks for the heads-up.

    Also good to know. Thanks for the info =)
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Most of those issues are easily overcome (permissions). There are some things that are unavaoidable:

    1. The issue Aric1 mentioned about local .htaccess and php.ini files

    2. HTTP_AUTH will no longer function. It doesn't work when running php as a CGI

    Personally, I always switch on phpsuexec on all my web hosting servers. For the few downsides I believe the security benefits far outweigh them.
     
  7. nothsa

    nothsa Well-Known Member

    Joined:
    Nov 30, 2004
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    Thanks chirpy.

    I don't think that there is anything here that I can't overcome, and the benefits for me seem to outweigh any potential problems.

    I'll be setting this up later tonight =)
     
  8. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Good evening from Greece,

    Did u set it up? How did it go?
     
  9. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    safe mode on for me it's much better than phpsuexec or suphp
     
  10. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
    safeMode - I agree

    we have many servers - each w/ their own configuration here -

    the main thing we have noticed is there are many applications that just go nuts with phpsuexec implemented

    it is for this reason we move some clients from 1 server to another server ...


    typo3 for example hates phpsuexec - few work arounds - but it still hates phpsuexec...
     
  11. Bruce123

    Bruce123 Active Member

    Joined:
    Jul 19, 2005
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Please clarify

    About Chirpy's comment:

    We have dozens of php pages that use

    $PHP_AUTH_USER and $PHP_AUTH_PASSWORD

    for authentication. Are these going to break with phpsuexec?


    One customer also also runs the provided phpbb, which is important for them. Any concerns there?

    TIA for your help.

    Bruce
     
  12. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    AFAIK, yes, they will break.
     
  13. mich181189

    mich181189 Member

    Joined:
    Jul 31, 2005
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    yeah... phpsuexec is something I want to avoid if possible. I know one host I use is about to implememnt it. On the host I admin, im gonna try to avoid it because it is simply too limiting.
     
  14. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Regarding HTTP-Authentication, since phpsuexe is installed on your server, all .htaccess php calls to apache are void therefore force type etc. lines in the .htaccess are useless. This is because php is no longer running as an apache module and apache will not handle those directives any longer.
     
  15. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  16. PDM

    PDM Active Member

    Joined:
    Jan 7, 2004
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Angel Fire, NM
    phpBB runs fine on my server after enabling phpsuexec last month
     

Share This Page