Home >

PHPsuexec

If your PHP scripts won't run, it may be because of a module called PHPsuexec. On most Apache servers, PHP runs as an Apache module. As such, it runs directly in the user Nobody, but doesn't require the execute flag. This means that, in order to execute a PHP file, it simply needs to be world readable. The problem is that this allows every other user on the server to read your PHP files.

Allowing other users to read your HTML files is not a problem, since they can be displayed in almost any browser; however, PHP files are not readable, they are parsed, and many scripts use a PHP file to store a database username and password. This means that, without PHPsuexec, everyone on the server could read your PHP files, retrieve your password, and access your databases.

Web Hosts close this hole by installing a module called PHPsuexec, which executes PHP scripts under your username. As such, instead of using everyone's permissions, it uses the owner's permissions. You can thus lower the permissions of your PHP scripts and still be able to read and execute them, but these scripts will no longer be accessible to any other users. To prevent someone from abusing one of your scripts, PHPsuexec will refuse to execute a script if it is world-writeable .

Most scripts will not be affected by the change. PHPsuexec works in much the same way that CGI/Perl scripts work with suEXEC; all applications are run under your account user name UID/GID, rather than, in the case of PHP, as an Apache module, the user "nobody". This simply means that the standard rules that apply to .cgi and .pl files apply to PHP files as well. The maximum permissions permitted on directories and .php files is 755. Setting permissions higher than 755 on PHP files and their installation paths will result in a 500 internal server error when attempting to execute them.

Once PHPsuexec is implemented on a server, PHP scripts may not be group/world writeable/executable. If you currently have scripts that have permissions set to 755 or higher, then you will need to chmod files to 755 or less. For PHPsuexec to work, all scripts must be accessible in subdirectories. To traverse a directory, you need execute permission on that directory. Therefore, each directory containing PHP scripts needs a permission of 755. The procedure to CHMOD a directory is the same as a file.

Also, with PHPsuexec installed, you will no longer be able to have PHP directives in your .htaccess files. You can still have an .htaccess file with normal Apache options, but it can't contain PHP directives. You will need to create a php.ini file with the directives. See this link for help with the PHP directives:

http://cvs.php.net/co.php/php-src/php.ini-dist

Quick trouble shooter.....

Your PHP script doesn't work or you have an error message.

1. Check to make sure that the PHP script that you are attempting to execute has permissions of no more than 755.

2. Check to make sure that the permissions of the directory where the script resides is set to 755. This also includes directories where the script would need to have access.

3. Check to make sure that you do not have an .htaccess file with PHP directives. They will cause a 500 internal server error when attempting to execute the script.

The PHP directives will need to be removed from your .htaccess file and placed in a php.ini file, as explained above.

Do I need directories set to 777? My install script says that I do.

No, you do not need to have directories or files set to 777, even if your installation documents tell you that you do. Permissions of 755 will work in the same way - Scripts owned by your account user will be able to write to your files, the same way that they can running under Apache with 777 permissions.

What is a php.ini file and how do I go about making one?
The php.ini file is a configuration file that the server looks at to see what options have been turned on, off or set to a number different from the defaults that are set for the server. It's simply a text file with the name php.ini. To create a php.ini file, just open up a text editor, add in the lines you need and save the file. You can name the file whatever you wish when saving. Once done, upload the file to the directory where the script you're using is being accessed and then rename the file to php.ini. See this link for help with the PHP directives:

http://cvs.php.net/co.php/php-src/php.ini-dist

Email:  info@pittsites.com          Phone:  (916) 222-1573
Copyright © 2004 - 2006, Pitt Sites

x