The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Upgrading to suPHP - live enviroment

Discussion in 'Security' started by xqdm, Oct 5, 2010.

  1. xqdm

    xqdm Member
    PartnerNOC

    Joined:
    Oct 24, 2006
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    So I currently have over 400 websites on a server, as I am aware suPHP does the following:

    * strips htaccess files from handlers and other functions which may cause an internal 500 error.

    * folders with the permissions set to 777 will also report an internal server error (these should be 755).

    So I am after the easiest way to migrate these accounts across without the hassle of modifying each account.

    The 2nd option would be best if it was scripted to automatically search for folders within the public_html folders with the permissions 777 and to modify these to 755, ill create this one and see how it goes.

    Anyone gone through this and have any pointers?
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Clarification

    This is not quite accurate as written. The cPanel tool that switches the PHP handler to suPHP makes no changes to .htaccess files. .htaccess files are still valid with suPHP. What is not valid in .htaccess files with suPHP are php_flag, php_admin_flag, php_value, and php_admin_value directives. These directives are only valid with DSO and will cause an internal server error with suPHP.

    Any custom PHP configuration directives in a .htaccess file need to be placed in a custom php.ini file when suPHP is used. To do this, copy /usr/local/lib/php.ini to the directory that needs the custom options, and edit that local php.ini file. Also note that the custom php.ini file only applies to the directory in which it is located. Custom php.ini files do not apply to subdirectories of the directory that contains the php.ini file, unless the subdirectories also contain their own custom php.ini files.

    Directories need 755 or less permissive permissions, and script files need 644 or less permissive permissions. All files and directories must be owned by the account user and group, not nobody, root, or another account user.

    It is very easy to switch PHP handlers with little to no downtime. You can do this in the WebHost Manager using Main >> Service Configuration >> Apache Configuration >> PHP and SuExec Configuration. You can also do it from the shell using /usr/local/cpanel/bin/rebuild_phpconf. What I recommend doing is switching to suPHP, then watching the suPHP log for errors:

    Code:
    # tail -f /usr/local/apache/logs/suphp_log
    In the event of a problem with permissions or ownerships, the Apache error log may also contain an error:

    Code:
    # tail -f /usr/local/apache/logs/error_log
    Error messages from internal server errors generated by suPHP tend to be very explicit and will usually tell you exactly what needs to be changed. If you see an error, you can switch the handler back to DSO, change the problem permissions or ownerships, and then switch the handler back, with very little downtime for your sites.
     
  3. GaryT

    GaryT Well-Known Member

    Joined:
    May 19, 2010
    Messages:
    321
    Likes Received:
    3
    Trophy Points:
    16
  4. xqdm

    xqdm Member
    PartnerNOC

    Joined:
    Oct 24, 2006
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Thanks David & Gary! this will aid with the migration! I will keep you guys updated!
     
  5. GaryT

    GaryT Well-Known Member

    Joined:
    May 19, 2010
    Messages:
    321
    Likes Received:
    3
    Trophy Points:
    16
    No problem, It seems simple, Hardest bit is making sure the USERS can only access there account - Be very carefull when your doing chown.

    May I also why your changing apache, Is there a reason and such. 400+ websites will put more resource on your server, But in the same time your increasing security.
     
  6. xqdm

    xqdm Member
    PartnerNOC

    Joined:
    Oct 24, 2006
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Security is the biggest factor, also when installing files via HTTP, the user usually reads "nobody" - suPHP fixes this.
     
Loading...

Share This Page