cowboy

In all honesty, too much emphasis or blame is being put on file and folder permissions as the big bad culprit breaking existing scripts when a server is transformed to use PHP as a 'set user' application, phpsuexec.

New installs are not giving any problems with the su issue.

An example: Use this script to make a new folder on a server using phpsuexec. It makes a folder named testing and forces the permission to 777.
Then verify the permissions of the folder and you will see that it is set to 755.

PHPsuExec will not allow itself to make a folder which is against it's own internal rules.

The problem with 'upgrading' to phpsuexec is that files and folder being used have to be owned by the user. Before the upgrade they were owned by: the user, or, nobody, or root, and apache did not care and PHP using apache rules did not either.

Now, after the 'upgrade', phpsu will not let any other owner of a file tell it what to do. It only takes orders from the designated user.

When the su police see a file or folder owner other than that on the passport, (httpd.conf), it is not allowed on the homeland, PHPsuExec immediately issues a 'halt' order and shuts down all further script execution. The server is then at a total loss as what it is to do, so it issues the most basic error message, "Incomplete header" or as we know it "500 Internal Server Error" the apache version of "blue screen of death."

Think of su as the security line at the airport. It does not screen files or folders until they are called upon, thus, you can have 777 files and folders on your site without problems until they are called in the future. (Aliens always appear at the most inappropriate times.)

Now, since only the server administrator can change file ownership, the most important step after activating phpsuexec on a server, is that someone logged in as 'root' has to chown any file or folder which PHP will possibly ever use, to that of the user. You cannot chown yourself. You can use a PHP script to recurse your public_html directory to chmod provided the file or folder has an owner write permission. (Dedicated users can write your own perl script to parse your httpd.conf file and chown for your users in one step.) Other users will have to ask support to do this for you,

Or, you can do it yourself by downloading all of your files to your local computer, deleting them from the server, and uploading again. (You cannot use a backup as it generally maintains the owner and permissions.)

Since cPanel and most FTP clients do not show the ownership of files and folders, the user with a problem moves to the next logical step; blame the permissions. If your FTP client has an option for showing file ownership, make sure it is activated. If not, download another, I will suggest FileZilla, at least long enough to verify your owner and group. Your owner and group will both be your login username, or it's numerical equal. If your user and group are numbers and you have mixed numbers, you can find your number by uploading a file and see what number apache assigns you after the su directive has been activated.

After your site is converted, phpsuexec will take orders diligently from you and give you the security that no one else can get away with telling it to do something differently.