What is phpsuexec? Print

  • 0

Phpsuexec is a deprecated feature in cPanel where PHP is setup as CGI instead of apache module. All shared hosting servers for JaguarPC have been updated from phpsuexec to suPHP. This KB applies to such clients that are still using phpsuexec on their VPSs/Dedicated servers. Phpsuexec brings a new level of security to the way PHP is used. 

1) PHP scripts execute using the permissions of the userid of the account holder instead of user "nobody".

2) World writable folders (chmod 777) are not required for file uploads through PHP.

3) The PHP file needs to have ownership of the user to execute in the user account (by default it is). 

4) The PHP file (script) does not need 755 permissions. 644 is fine. In fact 400 or 600 is OK too (especially good for sensitive information).

5) php_flag or php_value can NOT be used in .htaccess files (It will result in Internal Server Error). 

6) The php flags that do not work in .htaccess can be moved to a php.ini file in the same folder where the PHP script exists. However, the php flag/value will be in the format of php.ini and not that of .htaccess. For example this from .htaccess: 

php_flag register_globals off

will go into php.ini as:

register_globals off

If php.ini exists in the folder where the PHP script exists, it will take all values from it and nothing will be taken from the server's main php.ini.

7) If the folder that contains a PHP file/script is world writable (chmod 777), it will result in Internal Server Error. This is similar to CGI/Perl scripts under suexec that do not like such permissions for security reasons. The normal folder permissions should be 755.

8) Apache specific PHP functions do not work:

http://www.php.net/manual/en/ref.apache.php

9) If your .htaccess file contains the "Options" directive, it should have + or - with the directive to keep the ExecCGI active.

10) Symbolic links do not work for PHP scripts for security reasons.

11) Some web applications (OS commerce, ZenCart etc.) check if its configure.php files are writable (since PHP is being executed with userid it should be), so it will complain that its writable. Please change the permissions to 444 via ssh. (chmod 444 /path/to/configure.php). These files are usually under scriptfolder/includes and scriptfolder/admin/includes.

12) HTTP authentication via PHP code does not work. However you can continue to use it via .htaccess or the password protected folder feature of the control panel.

13) If you use "AddType application/x-httpd-php" in .htaccess, it should be set to "AddHandler application/x-httpd-php5".

Similarly if you are using ForceType in .htaccess to force a file to be treated as PHP, you will need to change it to SetHandler.

Was this answer helpful?

« Back