What is phpsuexec?

Phpsuexec is a deprecated feature in cPanel in which PHP is set up as CGI instead of as an Apache module. All shared hosting servers for JaguarPC have been updated from phpsuexec to suPHP. This KB applies to clients who are still using phpsuexec on their VPSs/dedicated servers. Phpsuexec brings a new level of security to the way PHP is used.

1) PHP scripts execute using the permissions of the userid of the account holder instead of user "nobody".

2) World writable folders (chmod 777) are not required for file uploads through PHP.

3) The PHP file must be owned by the account's user in order to execute in that account (by default it is).

4) The PHP file (script) does not need 755 permissions. 644 is fine. In fact 400 or 600 is OK too (especially good for sensitive information).

5) php_flag or php_value can NOT be used in .htaccess files (It will result in Internal Server Error). 

6) The php flags that do not work in .htaccess can be moved to a php.ini file in the same folder where the PHP script exists. However, the php flag/value will be in the format of php.ini and not that of .htaccess. For example this from .htaccess: 

php_flag register_globals off

will go into php.ini as:

register_globals = off

If php.ini exists in the folder where the PHP script exists, it will take all values from it and nothing will be taken from the server's main php.ini.

7) If the folder that contains a PHP file/script is world writable (chmod 777), it will result in Internal Server Error. This is similar to CGI/Perl scripts under suexec that do not like such permissions for security reasons. The normal folder permissions should be 755.

8) Apache specific PHP functions do not work:

http://www.php.net/manual/en/ref.apache.php

9) If your .htaccess file contains the "Options" directive, each option should be prefixed with + or - so that ExecCGI stays active.

10) Symbolic links do not work for PHP scripts for security reasons.

11) Some web applications (osCommerce, Zen Cart, etc.) check whether their configure.php files are writable. Since PHP is executed with your userid, the files will be writable, so the application will complain about it. Please change the permissions to 444 via SSH (chmod 444 /path/to/configure.php). These files are usually under scriptfolder/includes and scriptfolder/admin/includes.

12) HTTP authentication via PHP code does not work. However you can continue to use it via .htaccess or the password protected folder feature of the control panel.

13) If you use "AddType application/x-httpd-php" in .htaccess, it should be changed to "AddHandler application/x-httpd-php5".

Similarly if you are using ForceType in .htaccess to force a file to be treated as PHP, you will need to change it to SetHandler.
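
Items 3, 4, 5, 7, 10 and 13 above can be checked over SSH before they show up as an Internal Server Error. The script below is an added example, not part of the original KB or of cPanel; the function name, the finding labels and the assumption that the owner of the docroot is the account user are this example's own.

```bash
#!/bin/sh
# Added example: read-only audit of a docroot for the phpsuexec conditions
# listed above. It only reports paths; it changes nothing.

label() { sed "s|^|$1 |"; }   # prefix each path on stdin with a finding name

phpsuexec_audit() {
    docroot=$1
    # Assumption: the account user is whoever owns the docroot itself.
    owner=$(ls -ld "$docroot" | awk '{print $3}')

    # Item 7: world-writable folders -> Internal Server Error (use 755).
    find "$docroot" -type d -perm -0002 | label WORLD_WRITABLE_DIR
    # Items 2/4: scripts never need to be world-writable (644 or stricter).
    find "$docroot" -type f -name '*.php' -perm -0002 | label WORLD_WRITABLE_PHP
    # Item 3: scripts must be owned by the account user.
    find "$docroot" -type f -name '*.php' ! -user "$owner" | label WRONG_OWNER
    # Item 10: symbolic links to PHP scripts do not work.
    find "$docroot" -type l -name '*.php' | label SYMLINKED_PHP
    # Item 5: php_flag / php_value in .htaccess -> Internal Server Error.
    find "$docroot" -type f -name .htaccess \
        -exec grep -lE '^[[:space:]]*php_(flag|value)[[:space:]]' {} + |
        label HTACCESS_PHP_DIRECTIVE
    # Item 13: AddType/ForceType for PHP must become AddHandler/SetHandler.
    find "$docroot" -type f -name .htaccess \
        -exec grep -lE '^[[:space:]]*(AddType|ForceType)[[:space:]]+application/x-httpd-php' {} + |
        label HTACCESS_OLD_HANDLER
}

# Run as: sh audit.sh /home/username/public_html   (placeholder path)
if [ "$#" -gt 0 ]; then phpsuexec_audit "$1"; fi
```

Each output line is a finding name followed by the path; an empty result means none of the checked conditions were found.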