PhpSuExec

From JumbaWiki


phpSuExec is an Apache module offering advanced security for PHP scripts. Most of Jumba's servers are now using phpSuExec.


File permissions

On many Apache servers, PHP runs as the generic user nobody. This means that all your PHP scripts are readable and writable by all users on the server. With phpSuExec enabled, your PHP scripts will execute under your own username. Files or directories that your PHP scripts write to no longer need to have 777 permissions.

In fact, scripts that have 777 permissions, or that reside in directories with 777 permissions, will not run and will instead cause a 500 Internal Server Error. This protects you from someone abusing your scripts. Your scripts and directories can have a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else).

php.ini files

phpSuExec does not allow the use of .htaccess to change PHP settings. However, you can set PHP configuration options with a php.ini file.

Examples using .htaccess (non phpSuExec server)

php_value register_globals 1
php_value memory_limit 16M

Equivalent examples using php.ini (phpSuExec server)

register_globals = On
memory_limit = 16M

You will normally need a php.ini file for each sub-directory where it is required. That is, unlike .htaccess files, php.ini files do not automatically apply to subdirectories. To avoid this requirement and only have one php.ini file that applies to all directories, you can add this line to your .htaccess file:

SetEnv PHPRC /home/myusername/public_html/subdir

The php.ini in that directory will then apply to your whole site.

Note that server / global php.ini settings do not cascade into custom files. Instead, the custom file completely replaces the server one as the source of configuration. Any property not directly specified in a php.ini file reverts to its PHP default.
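The two changes described above (permissions capped at 755, and PHP settings moving from .htaccess to php.ini) can be checked before a site moves to a phpSuExec server. The script below is an added example, not part of the original wiki page; its function names are hypothetical and the directory to check is passed as an argument.

```shell
#!/bin/sh
# Added example: audit a site before it moves to a phpSuExec server.
# Function names are hypothetical; pass your own docroot as $1.

# List files and directories that exceed 755 (group- or world-writable).
find_loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Drop the group/other write bits: 777 becomes 755, 666 becomes 644.
fix_loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Print the php_value / php_flag lines of one .htaccess file in php.ini
# syntax ("name = value"). Commented-out and unrelated directives are skipped.
htaccess_to_ini() {
    awk 'tolower($1) == "php_value" || tolower($1) == "php_flag" {
        val = $3
        for (i = 4; i <= NF; i++) val = val " " $i
        print $2 " = " val
    }' "$1"
}

# Report both problems for a docroot without changing anything.
audit_docroot() {
    echo "Paths exceeding 755:"
    find_loose_perms "$1"
    echo "PHP settings to move from .htaccess into php.ini:"
    find "$1" -type f -name .htaccess | while IFS= read -r f; do
        htaccess_to_ini "$f" | while IFS= read -r line; do
            printf '%s: %s\n' "$f" "$line"
        done
    done
}

# Run the report only when a directory is given on the command line.
[ "$#" -eq 0 ] || audit_docroot "$1"
```

The settings are printed rather than written to a php.ini, because a custom php.ini replaces the server one and every setting it omits reverts to its PHP default.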

Does my server use phpSuExec?

There are several ways to find out if your site's server is running phpSuExec.

  • Create a .htaccess file in your public_html directory, and put one of the entries from above into it. If you get a 403 "forbidden" error when your site is loading, then you're on a phpSuExec server. If it works fine, then chances are you're on a non phpSuExec server.
  • chmod a file to 777. If you find you can no longer access it via your browser, you are running phpSuExec.
  • Email support@jumba.com.au if you're still not sure and one of the techs will let you know.

