PitadaVespa

Active Member
Aug 28, 2006
28
0
151
Hi!

I upgraded my server to Apache 2.0 and PHP 5.2.4 last week.
Everything went just fine, with no downtime or problems to my clients, and everything is running great.

My question is: Could my server be even better?
What Apache/PHP modules are, generally speaking, needed in a WHM/Cpanel environment?


I have installed the following "modules":


Short Options List:

Frontpage, Mod SuPHP, IonCube Loader for PHP, Mod Perl, Zend Optimizer for PHP, Mod Security

Exhaustive Options List:

-Apache: Asis, Env, Expires, Fileprotect, Frontpage, Headers, Imagemap, Mod SuPHP, mod_proxy, Speling, UniqueId

-Other Modules: IonCube Loader for PHP, Mod Perl, Mod Security, Zend Optimizer for PHP

-PHP 5.2.4: Bcmath, CGI, Calendar, Curl, CurlSSL, FTP, GD, Iconv, Imap, Magic Quotes, Mbregex, Mysql, Mysql of the system, POSIX, Path Info Check, Pear, Sockets, Zlib


Do I need all of them?


Thanks in advance :)
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
12
313
Houston, TX
cPanel Access Level
Root Administrator
Any module that is absolutely required for the proper functioning of cPanel/WHM is not optional. Therefore, you don't have to worry about inadvertently disabling something cPanel/WHM needs..

Beyond that, you don't need to install any further modules. You can install additional modules as needed, but generally if you nor your customers need a specific module, it's best to leave it disabled.

Also, before installing any module, be sure to thoroughly understand what it does and know if it's a good thing or a bad thing. For example, PHP's Magic Quotes module is considered by many to be a security risk thus should not be enabled.
 

gkgcpanel

Well-Known Member
Jun 6, 2007
214
1
166
cPanel Access Level
DataCenter Provider
Can PEAR installation harm other shared users?

Question...

By default, we have PEAR packages disabled for each user. It was our understanding that PEAR could be used to install any PHP module/package, and therefore considered a security risk. We don't want just anyone installing PHP packages/modules via PEAR...

But my research seems to indicate that PEAR is actually installed under each users directory structure and by doing so, it would only effect their directory if they install something malicious.

Is this really the case? Can we allow users to install their own PHP modules via PEAR and be confident that they can't install a module/package that could compromise the box or another shared user on that box?

We have a request from a user wanting us to install PEAR for them, but I have been reluctant to do so, until I know that it can't harm the box or anyone else.

Thanks.
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
12
313
Houston, TX
cPanel Access Level
Root Administrator
Question...

By default, we have PEAR packages disabled for each user. It was our understanding that PEAR could be used to install any PHP module/package, and therefore considered a security risk. We don't want just anyone installing PHP packages/modules via PEAR...

But my research seems to indicate that PEAR is actually installed under each users directory structure and by doing so, it would only effect their directory if they install something malicious.

Is this really the case? Can we allow users to install their own PHP modules via PEAR and be confident that they can't install a module/package that could compromise the box or another shared user on that box?

We have a request from a user wanting us to install PEAR for them, but I have been reluctant to do so, until I know that it can't harm the box or anyone else.

Thanks.
Keep in mind that PEAR packages are not like PECLs. PEAR packages are more like pre-written PHP code from a central repository. When installed via the cPanel interface, it will only be installed for that user and can only affect that cPanel user. However, you can install them via the WHM interface and thus make them available to all users if you desire.

PECLs are the libraries that tie into PHP and affect how the PHP interperter operates - typically to add support for non-native features such as Oracle databases. Thus, it is more of a security risk so this is not available via the cPanel interface, only the WHM interface.