PHPSUEXEC
Introduction
Hostroute has had PHPsuexec as an added security measure
since December 2005.
PHPsuexec runs all php scripts as your username, instead of nobody so it is
much easier to track who is running which scripts. This also fixes any permission
and ownership errors you may have seen when uploading/modifying files through
a web page.
PHPsuxec FAQ
#1. What is the difference between before
and now?
Most sites will not be affected with the change. Phpsuexec works in the same
way that cgi (perl scripts etc) with suexec does. All scripts and applications
are run under your account user name, rather than the user "nobody".
This simply means that rules that apply to .cgi + .pl files on your current
server, apply to php files also - The maximum permissions permitted on directories
and .php files is 755. Failing to have have permissions set to a maximum of
755 on php files and their installation paths, will result in a 500 internal
server error when attempting to view them.
#2. Do I need to chmod my directories to 777?
No, you do not need to have directories or files set to 777, even if your
installation documents tell you that you do. Permissions of 755 will work
in the same way. Scripts owned by your account username will be able to write
to your files, the same way that they can while running with 777 permissions.
If you have php applications/scripts that have directories set to 777, (required
to write to them under php/apache module), they would need to be changed -
Also you would need to change ownerships of all files owned by user "nobody"
to the username for your account. This cannot be done yourself, and you will
need to submit a ticket to Tech Support if you find any files in your account
under the username "nobody".
#3. What about .htaccess files?
You cannot manipulate the php.ini settings with .htaccess when running php
as cgi/phpsuexec.
If you are using .htaccess with php_value or php_flag entries within it, you
will receive an internal server 500 error when attempting to access the scripts.
This is because php is no longer running as an apache module and apache will
not handle those directives any longer.
All php values should be removed from your .htaccess files to avoid any complications.
Adding a php.ini file in its place will solve this issue.
#4. What is a php.ini file and how do I go
about making one?
The php.ini file is a configuration file that the server looks at to see what
options have been modified from the default server configuration. While the
name may seem advanced to those unfamiliar with it, it's simply a text file
with the name php.ini
To create a php.ini file, just open up a text editor, add in the lines you
need and save the file. You can name the file whatever you wish when saving.
Once done, upload the file to the directory where the script you're using
is being accessed from and then rename it to php.ini
#5. Troubleshooting
My php script doesn't work or I have an error message:
1. Check that the php script that you are attempting to execute has permissions
of no more than 755. Permissions of 644 will work just fine normally. This
is not something that will need to be changed in most cases.
2. Check that the directory permissions that the script resides in are set
to a maximum of 755. This also includes directories that the script would
need to have access to.
3. Check that you do not have a .htaccess file with php_values within it.
They will cause a 500 Internal server error, when attempting to execute the
script.The php_values will need to be removed from your .htaccess file and
a php.ini put in its place, containing the php directives as explained above.
Password protection problems
HTTP AUTH which is sometimes used to password protect directories will not work with phpsuexec because it is not able to write to the .htaccess file.
This is often used to secure an admin directory used by a specific script so in many cases you can just disable the function and use the password protection function in your control panel to secure the directory in question.
There are a list of other ways of achieving the same thing here:
http://php.mirrors.ilisys.com.au/manual/en/features.http-auth.php