PHPSUEXEC - What you need to know!
PHPSUEXEC has been enabled on all our cPanel hosting servers. The reason for php running as a cgi rather than an Apache module is to increase security of the server.
What's the difference?
Most web sites will not be impacted by running php as cgi with suexec. Phpsuexec works in much the same way that cgi (perl scripts etc) with suexec does, all applications being run under your account user name UID/GID, rather than in php's case as an apache module, the user "nobody" which can be a security risk.
This simply means that rules that apply to .cgi + .pl files apply to php files also - The maximum permissions permitted on directories and .php files is 755. Failing to have have permissions set to a maximum of 755 on php files and their installation paths, will result in a 500 internal server error, when attempting to execute them.
777 - Do I need directories set to this? My install script tells me that I do.
No, you do not need to have directories or files set to 777 permissions, even if your installation documentation tells you so. Permissions of 755 will work in the same way as 777 - Scripts owned by your account user UID/GID will be able to write to your files, the same way that they can running under apache with 777 permissions.
If you have php applications/scripts that have directories set to 777, (required to write to them under php/apache module), they would need to be changed - Also we would need to change ownerships of all files owned by user "nobody" to the user name UID/GID for your account.
.htaccess modifications
You cannot manipulate the php.ini settings with .htaccess when running php as cgi/phpsuexec.
If you are using .htaccess with php_ values within it, you will receive an internal server 500 error when attempting to access the scripts. This is because php is no longer running as an apache module and apache will not handle those directives.
All php values should be removed from your .htaccess file to avoid this issue. Placing a php.ini file in its place will solve this issue.
FAQ: I need Zend Optimizer or php to run with different options than the servers default settings, can I do this?
The server default settings with php.ini may restrict certain applications, it is possible to modify the settings and how php will run on your account, on a per directory basis.
If you have an application that requires for example:
register_globals = On
By creating a file named php.ini within the directory that the script is located will allow you to run that script correctly.
EG: php.ini
register_globals = On
If you also require say Zend Optimizer to be installed for your application, you would add the following:
php.ini
register_globals = On
zend_optimizer.optimization_level=15
zend_extension="/usr/local/Zend/lib/ZendOptimizer.so"
You may copy the other variables from the phpinfo page as they appear within it and modify the settings as required for your scripts.
What is a php.ini file and how do I go about making one?
The php.ini file is a configuration file that the server looks at to see what options have been turned on, off or set to a number different from the defaults that we have set for the server. While the name may seem advanced to those unfamiliar with it, it's just a text file with the name php.ini
To create a php.ini file, just open up a text editor, add in the lines you need and save the file. You can name the file whatever you wish when saving. Once done, upload the file to the directory where the script you're using is being accessed from and then rename it to php.ini
QUICK PHP TROUBLESHOOTING
HELP my php script doesn't work or I have an error message
1. Check that the php script that you are attempting to execute has permissions of no more than 755 - 644 will work just fine normally, this is not something that needs to be changed in most cases.
2. Check that the directory permissions that the script resides within is set to a maximum of 755. This also includes directories that the script would need to have access to also.
3. Check that the files are owned by you. ie. not owned by user nobody.
4. Check that you do not have a .htaccess file with php_values within it. They will cause a 500 Internal server error, when attempting to execute the script.
The php_values will need to be removed from your .htaccess file and a php.ini put in its place, containing the php directives as explained above.
5. If you're getting errors about open_basedir restrictions or include paths not being allowed, then put the following into a php.ini file (put into the directory that contains the files being accessed through the user's browser):
open_basedir = "/home/yourusername"
Note: Replace yourusername with the cpanel account's username.