The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Understanding SUEXEC and PHPSUEXEC

Discussion in 'General Discussion' started by RedFutura, Mar 8, 2006.

  1. RedFutura

    RedFutura Well-Known Member

    Joined:
    Jun 11, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    I have on all my servers SuExec and PHPSuexec, but recently I had to remove PHPSuExec because I needed to instal eAccelerator (which I greatly recommend). The problem is that I don't understand 100% how SuExec works without PHSuexec.

    This is how I think things should be. Please correct me if I am wrong:

    1. With SuExec and PHPSuexec:
    - All files and folders have owner user:user

    2. With SuExec and NO PHPSuexec:
    - PHP, HTML and all NON-CGI files have owner nobody:nobody
    - Public_html folder has owner user:nobody <--- not 100% about this one
    - Cgi-bin folder and files inside have owner user:user

    With this setup most things work fine, but I have 2 main problems right now:
    1. Apache cannot write in public_html root, but it can in folders inside.
    2. Files cannot be deleted through FTP.

    Any help would be greatly appreciated.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Probably the simplest thing to do would be to run /scripts/chownpublichtmls which resets the /home/*/public_html directories to the correct ownership and permissions.

    To clarify:

    Suexec:

    Has nothing to do with php and is solely for CGI scripts (usually perl) which run under the user:group of the account. The scripts must be owned by the account and within a directory that is not world writable to work

    Phpsuexec:

    Soley to do with php scripts. With it enabled, scripts and files should be owned by user:group and again should not be world writable With it disabled, scripts should still be owned by user:group, but files they create will be owned by nobody:nobody and so directory permissions and script permissions must be such that nobody:nobody can access them, i.e. chmod 666.
     
  3. RedFutura

    RedFutura Well-Known Member

    Joined:
    Jun 11, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    If I chmod a folder with 666 I get a 403 error.

    If I chmod with 655 it works but apache cant write files on it.
     
  4. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    644 is what you need and 755 on the directories.
     
  5. RedFutura

    RedFutura Well-Known Member

    Joined:
    Jun 11, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Right now I have files and folders with owner user:group, and folders with chmod 755, but apache cannot upload files or modify files. Files have 644.

    What should be the correct permissions? I have tried what chirpy said but I get a 403 error.
     
  6. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    You most likely still have an ownership problem. If the ownerships were correct you'd have no problems with those permissions. So, if the user was "user1" the ownership and group should be user1:user1 and for directories, permission 755 and files 644.

    If the ownership seems correct and you still get failures, my guess is you aren't really running phpsuexec/suexec. To verify this for sure, try a chmod 777 and put the following line in your PHP file and see what ownership the resulting file 'ownership' is, that will tell you what owner it is running as:
    PHP:
    <?php system("id > ownership"); ?>
     
  7. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Actually on reflection, the anove was kind of a confusing way to work out who PHP is running as. Instead, putting this in a PHP file would be a smarter and more direct way of working out what it's running as:
    PHP:
    <?php passthru("id"); ?>
    You could use variations on this, like replacing the "id" with "ps -ef | grep httpd", or 'ps -fp$$', to find out more.
     
Loading...

Share This Page