Suexec And Suphp?
Feb 8, 2008what are suexec / suphp and for what purpose we use it.
View 1 Replieswhat are suexec / suphp and for what purpose we use it.
View 1 Repliesmy server is centos and cpanel,
i setup it with suphp and suEXEC,
and i set the register_globals as off on server,
now,i had a website need register_globals on,
i search many articles and try to edit php.ini and .htaccess,
but all still show
FATAL ERROR: register_globals is disabled in php.ini, please enable it!
or
500 internal error
could anyone teach me how to solve the issue?
Do you have any idea for patch PHP suEXEC with "ln" command?
View 9 Replies View Relatedwhat fellow users here set --with-suexec-docroot in Apache
installations when cgi-bin folder is outside the public_html folder.
Looks like setting it to /home is the only way.
I installed lsws without apache conf file(httpd.conf). Then I created a new virtual host in "suEXEC" Template. I added a new user via SSH and made home dir for him and chowned his home dir + all his files to hisusername:hisusername. His home dir(/home/user/) is chmoded to 755 and his /public_html to 711. It worked fine but after that I installed phpbb3 forum and when I tried to chmod config.php to 600 I got an error on the forum:
Fatal error: require() [function.require]: Failed opening required './config.php' (include_path='.:/usr/local/lib/php') in /home/username/public_html/common.php on line 127
When I was using lsws with apache conf file and I had configured suEXEC + suPHP for apache I was able to chmod config file to 600 and it worked fine. I have no idea what could be the problem now.
It works fine when I chmod config.php to 755 but for security reasons I would need a way to configure it to 600.
LiteSpeed si running as nobody:nobody.
EX. APP settings:
LSAPI App
$VH_NAME_lsphp
uds://tmp/lshttpd/$VH_NAME_lsphp.sock
SCRIPT HANDLER settings:
Suffix: php5
Type: LiteSpeed API
Name: [VHost Level]: $VH_NAME_lsphp
I have a problem in the last apache upgrade (apache 2.2.8 + php5) step .
exactly in "Configure Suexec and PHP"
I found this option doesn't have multi values as CGI or Suphp just I found none :
PHP 5 Handler none
PHP 4 Handler none
I must to return to build apache1 with php4 for I can see suphp and cgi in "Configure Suexec and PHP" "PHP 4 Handler" option .
Is there any which works with this turned on?
View 3 Replies View Related(what I did find was for old apache, not 2.2)
I have Fedora Core 5 wih Apache 2.2.2 and VirtualHosts setup, currently running mod_php and mod_suexec. I would like to switch to use php with suexec because I need to edit files with php that "nobody" doesn't have access to (777 not an option).
Right now mod_suexec works great with Perl, but not PHP. So I ask, how can I get them to play nice?
Can anyone tell me the difference between SuExec and PHPSuExec. I hear eaccelerator will not work with PHPSuExec but will it work with SuExec?
View 2 Replies View Relatedwhat is phpsuexec and suexec and how to stop them ?
View 1 Replies View RelatedI've been attempting to develope a server running apache 2+, php 5, and I was running into issues installing php as cgi.... All my scripts require The shebang:
#!/usr/bin/php at the top to execute properly. Anyone know a good site/how to that explains how to do this?
has anyone else here run suexec with apache? If so, could you tell me what you compiled it with? Just curious, as I think i'm doing everything right, yet I still fail
Can I have Apache suexec with cPanel?
View 5 Replies View RelatedI want to ask about suexec.
Currently I disable suexec in my dedicated server.
Which is better, to enable it or not?
What will happen to existing sites folder permissions if suexec is turned on?
is it good or not and why we should enable or disable it in cpanel server or other server?
View 11 Replies View RelatedI have just switched from mod_php to fastcgi + suexec, but now trying to use the ab command times out :
ab -n 10000 -c 100 [url]
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, [url]
Copyright 2006 The Apache Software Foundation, [url]
Benchmarking www.example.com (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
apr_poll: The timeout specified has expired (70007)
Total of 7422 requests completed
Then I get a bunch of emails from LFD ....
First uninstall your existing PHP.
Install httpd-devel
Second compile a new PHP with support of cgi/fcgi:
Code:
./configure --prefix=/usr/local/php-fcgi --enable-fastcgi --enable-memory-limit --with-mysql=shared,/usr --enable-discard-path --enable-force-cgi-redirect --with-imap=shared,/usr --with-gd=shared,/usr --with-libxml=shared,/usr --with-mbstring=shared --with-freetype-dir=/usr --with-jpeg-dir=/usr --with-png-dir=/usr --with-zlib-dir=/usr --with-kerberos --with-imap-ssl
make
make install
To solve the errors during configure problems take a look at this:
[url]
Next you'll need to download/install fcgid:
Code:
wget http://www.fastcgi.com/dist/fcgi-2.4.1-SNAP-0311112127.tar.gz
tar xfvz fcgi-2.4.1-SNAP-0311112127.tar.gz
cd fcgi-2.4.1-SNAP-0311112127
./configure
make
make install
Next you'll need to compile/install mod_fastcgi for Apache 2.2.2:
Code:
wget [url]
tar xfvz mod_fastcgi-SNAP-0404142202.tar.gz
cd fcgi-2.4.1-SNAP-0311112127
Now we need to apply a patch so mod_fastcgi compiles with Apache 2.2. Put the following into a file:
Code:
diff -ruN mod_fastcgi-2.4.2/Makefile.AP2 mod_fastcgi-2.4.2.for22/Makefile.AP2
--- mod_fastcgi-2.4.2/Makefile.AP2Mon Jul 29 03:36:34 2002
+++ mod_fastcgi-2.4.2.for22/Makefile.AP2Mon Dec 5 13:05:21 2005
@@ -20,8 +20,6 @@
all: local-shared-build
-install: install-modules
-
clean:
-rm -f *.o *.lo *.slo *.la
diff -ruN mod_fastcgi-2.4.2/fcgi_buf.c mod_fastcgi-2.4.2.for22/fcgi_buf.c
--- mod_fastcgi-2.4.2/fcgi_buf.cTue Feb 4 00:07:37 2003
+++ mod_fastcgi-2.4.2.for22/fcgi_buf.cMon Dec 5 12:59:01 2005
@@ -50,7 +50,7 @@
{
Buffer *buf;
- buf = (Buffer *)ap_pcalloc(p, sizeof(Buffer) + size);
+ buf = (Buffer *)apr_pcalloc(p, sizeof(Buffer) + size);
buf->size = size;
fcgi_buf_reset(buf);
return buf;
@@ -487,7 +487,7 @@
char *new_elts;
int new_nalloc = (arr->nalloc <0>nelts + n;
- new_elts = ap_pcalloc(arr->pool, arr->elt_size * new_nalloc);
+ new_elts = apr_pcalloc(arr->pool, arr->elt_size * new_nalloc);
memcpy(new_elts, arr->elts, arr->nelts * arr->elt_size);
arr->elts = new_elts;
diff -ruN mod_fastcgi-2.4.2/fcgi_config.c mod_fastcgi-2.4.2.for22/fcgi_config.c
--- mod_fastcgi-2.4.2/fcgi_config.cThu Oct 30 02:08:34 2003
+++ mod_fastcgi-2.4.2.for22/fcgi_config.cMon Dec 5 12:59:01 2005
@@ -50,7 +50,7 @@
/* Convert port number */
tmp = (u_short) strtol(portStr, &cvptr, 10);
if (*cvptr != '' || tmp <1> USHRT_MAX)
- return ap_pstrcat(p, "bad port number "", portStr, """, NULL);
+ return apr_pstrcat(p, "bad port number "", portStr, """, NULL);
*port = (unsigned short) tmp;
@@ -75,11 +75,11 @@
tmp = strtol(txt, &ptr, 10);
if (*ptr != '') {
- return ap_pstrcat(p, """, txt, "" must be a positive integer", NULL);
+ return apr_pstrcat(p, """, txt, "" must be a positive integer", NULL);
}
if (tmp <min> USHRT_MAX) {
- return ap_psprintf(p, ""%u" must be >= %u and <u>= %u and <u cp=''>= %d", *num, min);
+ return apr_psprintf(p, ""%d" must be >= %d", *num, min);
}
return NULL;
@@ -126,9 +126,9 @@
*num = (u_int)strtol(val, &ptr, 10);
if (*ptr != '')
- return ap_pstrcat(p, """, val, "" must be a positive integer", NULL);
+ return apr_pstrcat(p, """, val, "" must be a positive integer", NULL);
else if (*num < min)
- return ap_psprintf(p, ""%u" must be >= %u", *num, min);
+ return apr_psprintf(p, ""%u" must be >= %u", *num, min);
return NULL;
}
@@ -147,9 +147,9 @@
*num = (float) strtod(val, &ptr);
if (*ptr != '')
- return ap_pstrcat(p, """, val, "" is not a floating point number", NULL);
+ return apr_pstrcat(p, """, val, "" is not a floating point number", NULL);
if (*num <min> max)
- return ap_psprintf(p, ""%f" is not between %f and %f", *num, min, max);
+ return apr_psprintf(p, ""%f" is not between %f and %f", *num, min, max);
return NULL;
when i remove php suexec support, while i entering sites it save php files. how can solve this problem
Server info;
WHM 10.8.0 cPanel 10.9.0-R10737
CentOS 4.4 x86_64 - WHM X v3.1.0
i install roundcube webmail (php)
i want to add an alias like /mail for all domain to /usr/src/roundcube
i add this command in httpd.conf:
Quote:
Alias /mail /usr/src/webmail
but because suphp installed , apache run it under root user (or user assigned to it) and suphp produce "500 Internal server Error"
i am trying to setup a VPS with:
Apache Suexec, so that each VHosts runs under there own username
FTP for each of the vhosts.
I have made a username aplushost and FTP works fine when i login, however when i try and get Suexec to work it shows a 403 permision dined, even know the whole directroy path is with correct permsions.
"/home/aplushost/www"
However if i chown the directroy "aplushost" to apaches username , currently "nobody" i have tried with "apache" and many others the page is displayed correctly.
The weird thing is that the www directroy can still be set to the aplushost username and files work inside.
However due to changing the privalages of the folder aplushost ftp now fails to login due to the folder not being owned by the ftp user "aplushost".
So im stuck between only having one item working at a time.
i have put some content of my config files.
----------httpd.conf vhosts------------------
<VirtualHost 87.117.196.247>
DocumentRoot "/home/aplushost/www"
ServerName aplushost.co.uk
SuexecUserGroup aplushost aplushost
<Directory "/home/aplushost/www">
allow from all
Options +Indexes
</Directory>
</VirtualHost>
---------------passwd file----------------
aplushost:x:500:99::/home/aplushost/www:/sbin/nologin
(Have tried with many different shells, no difference, also tried with home directroy as just /home/aplushost)
I am having trouble with blank pages on some web applications; ccHost and phpBB3.
I can get these to run on a seperate VPS, that isn't as securely locked down and the dedi --- but it is of course the dedi I want to run these apps from.
I simply get blank pages when trying to access ccHost. As if PHP isn't parsing it. But in a phpBB3 installation I'm getting random blanks, some of which I can refresh out of ... What's even weirder: sometimes when I try to viewtopic - or call some function ... I get the download dialogue!? (Do you want to open or download index.php for instance).
I've been trying loads of stuff. It seems that mod_security isn't running anymore, so that isn't the issue. Could mod_cgi or mod_suexec perhaps be the cheeky offenders? I have absolutely no idea.
Just hoping someone can help me where to look... Or how I can debug this issue. I'm at a loss in how to continue. Any help will be very appreciated.
Some details... The server is hardened and secured, but...
I'm running other CMS installs on the server, and they are working fine. Even a phpBB2 install is running smooth. Besides this I'm using LAMP setup on CentOS and webmin is running.
I am running on;
Plesk versionpsa v8.0.1_build80060613.20 os_CentOS 4.2
Operating systemLinux 2.6.9-023stab033.6-smp
License key numberPLSK.00170782.0006
I need to be able to access cgi between vhost domains. In particular one frequently updated file located 'centrally' in the cgi-bin of one of the vhost domain.
I would like to be able to have other vhost domains be able to access this file but suexec won't let that happen. I have searched around and tried to following;
Created vhost.conf file in the conf directory of one of the domains.
The vhost.conf file contained (with no #):
# <IfModule mod_suexec.c>
# SuexecUserGroup userid psacln
# </IfModule>
I ran;
/usr/local/psa/admin/bin/websrvmng -u --vhost-name=<domain name>
Then reboot.
The result was all the vhosts stopped working. I reset the websvrmng, things returned to normal.
Then I tried updating the httpd.include file adding (with no #);
# <IfModule mod_suexec.c>
# SuexecUserGroup userid psacln
# </IfModule>
Then reboot.
The result was the same, all vhosts stopped working.
Does anyone have an idea how I can achieve this? I know I can disable suexec all together but that wreaked a little havoc with the cgi app when I tried that.
i got mod suexec / phpsuexec installed on the server recently. if i click on view cpu/memory/mysql usage in WHM i can see this in the first row:
<username><domain>3.170.110.1
Top Process%CPU 145/usr/bin/php
Top Process%CPU 100/usr/bin/php
Top Process%CPU 81.7/usr/bin/php
now this info is pretty useless. ok, php is evidently bursting to pretty damned high cpu levels. BUT, what are the actual FILES causing this load?
We have updated our Plesk 10.4.4 to 12.0.18. We want to use PHP with FastCGI (Apache) and get always the following suexec - error:
command cgi_wrapper not in docroot (10004)
We use CentOS 6.4
I need to change the server configuration on Plesk such that the SuexecUserGroup directive is removed, so the user's cgi scripts run as the apache user (www-data), rather than as the user specified in that directive (the domain user), as on an unshared (non-VPS) server. I don't care about security from other domains because only one domain runs on it anyway, so making the user domain-specific is irrelevant from a security point of view and stops some of the user's code working.
This directive is found in
/var/www/vhosts/domainname.com/conf/httpd.include
and is:
SuexecUserGroup user psacln
(this line appears twice, for ports 443 and 80)
I understand that this file can't be modified, as it may be overwritten by Plesk. Therefore additional directives must go in the vhost.conf file.
Will the following vhost.conf file do the trick and override the directives in httpd.include?
<VirtualHost domainIP:443>
SuexecUserGroup www-data www-data
</VirtualHost>
<VirtualHost domainIP:80>
SuexecUserGroup www-data www-data
</VirtualHost>
Why this error might have started to appear? I am fairly new to apache and was trying to harden it up.
I am use CentOS:
Server version: Apache/2.2.25 (Unix)
Server built: Oct 7 2013 17:21:18
Cpanel::Easy::Apache v3.22.14 rev9999
I was trying to add a group to control access to specific groups to enforce some security:
chown -R root:root /usr/local/apache/bin
chmod -R 770 /usr/local/apache/bin
chown -R root:root /usr/local/apache/conf
chmod -R 770 /usr/local/apache/conf
groupadd apacheadmin
groupadd apache
useradd -d /usr/local/apache/htdocs -g apache -s /bin/false apache
I think this is a permission issue.
I use "suphp" on 3 servers I own with apache 2.2.6 and suddenly yesterday (15 hours ago) one of the servers show "Internal server error" on all sites.
Tried rebuilding apache and php 4 times with no fix until I came to try handling php with cgi instead. (I always like to track who is using apache processes)
well. getting to this fix was after 10 hours of all sites not working on the server.
now (5 minutes ago) I go to http://www.suphp.org to read their docs for solution to find this
Quote:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, hostmaster@marsching.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache Server at www.suphp.org Port 80
Why did this suddenly arise while No changes were done on server software or config?
I believe this happens after the first coming apache restart or something but dunno what was the reason yet
maybe suphp.org guys have to update us when their site comes back online
what do you prefer?
fastcgi or suphp?
which one is better with suexec (in security and resource usage)?
we have installed suPHP along with suhosin on server to prevent upload of illegal scripts but still we are having problems with scripts used for phishing web sites! We have a lot of Joomla users and other php apps installed on server.
View 5 Replies View Relatedi have many problem from this
i want to remove it
i had recompiled apache without it but it still working
I have a Linux server for shared hosting in which I am using Cpanel/WHM. I have PHP running as suPHP which I believe is for security. The problem I am facing is a lot of PHP based websites create load on the server and consume as much as 10% of the CPU and sometimes some script even consumes 50% CPU. I think I can reduce the load caused by the PHP scripts by installing eAccelerator. However, it does not work with PHP running as suPHP. Can anybody tell me which one should I choose of the both? Is there any other way to reduce the load on the server?
View 14 Replies View Relatedwe are try SuPhp on Cpanel server but seem that is use a lot of resource, on 2 X quad core server we can't add more than 300 domains for server, whic configuration do u use? any alternative solution?
View 7 Replies View Related