SuPHP + CGI
- somewhat slower output layer than DSO
- no PHP directives are allowed in .htaccess anymore, must be either in httpd.conf, main php.ini or per-vhost php.ini (the latter by using the suPHP_ConfigPath directive within vhost)
- more secure than DSO especially with Suhosin extension (Suhosin might require tweaking some of it's directives for some scripts)
- won't allow http://$IPADDRESS/~username invocations anymore if it's compiled in PARANOID mode, which is preferred and most secure way of running it
- since you are on cPanel, user 'nobody' can be disallowed to send mails to remote addresses in WHM
______________________________
Suphp is a handler while suhosin is a patch protection for protecting PHP. In clear, you don't need to run apache as cgi to setup suhosin, and this will probably be a very good additional.
Suhosin is only an advanced protection system for PHP installations.
suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.
These settings are for the whole server and can't be used for one certain account
mod_php:
- fast
- runs not under admin user of the site
- well suited for low and high traffic sites, but not for cms systems like joomla.
suphp:
- not so fast
- script runs under web admin
- secure
- well suited for low traffic sites
fastcgi
- fast
- script runs under web admin
- secure
- well suited for high traffic sites
______________________________
SuExec forces all CGI scripts to run as the user. This can include PHP if PHP is set to run as CGI.
SuPHP forces all PHP scripts to run as the user (assuming PHP is set to run as SuPHP)
PHP as an Apache module is DSO. This is the default in a cPanel/WHM environment and results in PHP running as user nobody.
PHP as CGI will run PHP scripts as if they were CGI scripts. This has several side effects such as the script_name Superglobal variable returning the PHP CGI binary rather than the script.
cPanel/WHM no longer natively supports phpSuExec, we now use SuPHP instead.
Resolve suexec permission issue server wide
-----------------------------------------------------------------------------
After enabling SuExec on server most users getting “500 Internal Server Error” at that time refer following steps.
1st) Correct cPanel users files/directories ownership.
——------------------------------------------------------------------
for i in `cat /etc/trueuserdomains | awk ‘{print $2}’`
do
chown $i.$i /home/$i -R;
chown $i.mail /home/$i/etc -R;
chown $i.nobody /home/$i/public_html;
done;
—–-------------------------------------------------------------------
2nd) Correct permission for files and directories for cPanel users from shell but make sure that you logged in as root user and running following command in /home partition.
—–-------------------------------------------------------------------
find . -type d -perm 777 -exec chmod 755 {} \;
find . -type f -perm 777 -exec chmod 755 {} \;
—–-------------------------------------------------------------------