PHPSUEXEC - What you need to know.
Posted by - NA - on 13 January 2011 09:41 PM
All Linux/Cpanel servers are now running phpsuexec. This means that your server has a CGI installation of php with suexec enabled, as opposed to php running as an apache module.
What is the difference?
Most sites will not be affected with the change, running php as cgi with suexec. Phpsuexec works in much the same way that cgi (perl scripts etc) with suexec does, all applications being run under your account user name UID/GID, rather than in php's case as an apache module, the user "nobody".
This simply means that rules that apply to .cgi + .pl files on your current server, apply to php files also - The maximum permissions permitted on directories and .php files is 755. Failing to have have permissions set to a MAXIMUM of 755 on php files and their installation paths, will result in a 500 internal server error, when attempting to execute them.
But my install scripts say I need 777 for my directories or files!
No, you do not need to have directories or files set to 777, even if your installation documents tell you that you do. Permissions of 755 will work in the same way. Scripts owned by your account user will be able to write to your files in the same way that they can running under apache with 777 permissions.
If you have php applications/scripts that have directories set to 777, (required to write to them under php/apache module), they will need to be changed to 755. Also you will need to change ownerships of all files owned by user "nobody" to the username for your account. (Please submit a helpdesk ticket for assistance with this.)
You cannot manipulate the php.ini settings with .htaccess when running php as cgi/phpsuexec.
If you are using .htaccess with php_ value_entries within it, you will receive an internal server 500 error when attempting to access the scripts. This is because php is no longer running as an apache module and apache will not know how to handle those directives any longer.
All php values should be removed from your .htaccess files to avoid this issue. Placing a php.ini file in its place will solve this issue. (Please see below.)
Default settings - I need Zend Optimizer or php to run with different options than the servers default settings, can I do this?
The server default settings with php.ini may restrict certain applications, it is possible to modify the settings and how php will run on your account, on a PER DIRECTORY basis.
If you have an application that requires, for example:
register_globals = On
Then by creating a file named php.ini within the directory that the script is located in, with the following entry, will allow you to run that script with your special settings and requirements.
So your php.ini file (located in your script directory) would have the following text:
register_globals = On
If you also require Zend Optimizer to be installed for your application, you would add the following to your php.ini file:
register_globals = On
You may also copy the other variables from the phpinfo page, as they appear within it, and modify the settings as required for your scripts.
Some important relevant default php values are as follows:-
register_globals = Off
register_argc_argv = Off
safe_mode = On
magic_quotes_gpc = Off
All other settings can be viewed from your servers phpinfo.php page.
If any of the above default values need to be changed, then please create a php.ini file with the new setting and place it into your script directory!
If your script is giving you errors, try creating the php.ini file and then turning all the above default values to ON, one by one.
Quick Help Trouble Shooter
HELP! My php script doesn't work or I have an error message
1. Check that the php script you are attempting to execute has MAXIMUM permissions of 755. (644 will work just fine normally.) If your script has permission of 777, then it will generate a script error 500 message.
2. Check that the directory permissions that the script resides within is set to a MAXIMUM of 755. This also includes directories that the script would need to have access to.
3. Check that the files are owned by you. ie. Not owned by user nobody. Certain applications having been run under php as an apache module, may have files owned by the apache user - In that case, just submit a helpdesk ticket for the file ownerships to be changed to your account username. Please be specific when letting us know where the files are located that need to be changed.
4. Check that you do not have a .htaccess file with php_values within it. They will cause a 500 Internal server error, when attempting to execute the script.
The php_values will need to be removed from your .htaccess file and a php.ini put in its place, containing the php directives, as explained above. You might need to place the php.ini file into more then one directory. (Each directory where you have a php script needing the special php directives will need to have a php.ini file. Settings from a higher folder will NOT cascade down to lower folders.
5. If you're getting errors about open_basedir restrictions or include paths not being allowed, then put the following text into a php.ini file. (And then put the file into the directory that contains the files being accessed through the user's browser.)
open_basedir = "/home/accountusername"
(Replace accountusername with the cpanel account's username.)
6. Submit a helpdesk ticket if the above fails.