A different phpsuexec description
phpsuexec as explained by pfmartin on the cPanel forums; he is quoted below:
Quote:
I thought I would write down my notes on phpsuexec so that it is understood by others. I know that I had a hard time understanding how it was supposed to work. So here goes:
First off, for security, we want to run PHP with suEXEC. Why? Because that way scripts are executed under the username of the domain owner, making it easier to track what they are doing and emails that are sent. It also limits what they can modify and whether they can view session data in the /tmp folder. OK, you should know the benefits of suEXEC... so I won't dig any deeper.
The first thing you need to realize is that for PHP to use suEXEC, it must be run as a CGI. This is probably the most secure way of running PHP. This is in contrast to running it as a module (i.e. mod_php).
The problem with running PHP as a CGI is that it would require all PHP scripts to start with an opening spec (just like most UNIX scripts) saying what the interpreter to use is. For example, you would have to change ALL your PHP scripts to have the following first line:
code:
#!/usr/bin/php
Now, this is a problem because you would then need to change ALL PHP scripts to have this first line. Of course, this would be out of the question if you had many sites or worse, many servers... Your clients would be upset and it would take a while to implement.
That's where phpsuexec comes in. It is nothing more than a module loaded into Apache that essentially prepends that line to PHP scripts so that you don't need to go and edit all of them. THIS IS THE MAGIC!
What I have explained so far was the piece of the puzzle that I needed in my mind to understand it best.