Advantages of PHPsuexec
Why did we prefer switching to PHPsuexec?
Because it improves the security and operation of the servers. Previously, without PHPsuexec, an account could run malicious PHP scripts to send spam or cause performance issues on the server, and it could take a while to track down which account was causing the problem and resolve it. With PHPsuexec enabled, we can find the offending account in minutes and resolve the problem caused by the offending script. PHPsuexec will also solve some of the file and directory ownership and permission problems that some of you have had with various PHP applications (mainly CMS applications like Joomla and Drupal, but other applications have the same issues).
PHPsuexec Details to Keep in Mind:
File/Directory Permissions and Ownership:
When PHP runs as an Apache module, it executes with the user ID and group ID of the web server, which is usually “nobody”. In this mode, files or directories that your PHP scripts need to write to must have 777 permissions (read/write/execute at user/group/world level). This is not secure: besides allowing Apache and the PHP application to write to the file, it also allows anyone else to read or write to the file if they figure out where to look and want to do so.
With PHP running in PHPsuexec mode, your PHP scripts execute with your user ID and group ID. Files or directories that your PHP scripts need to write to no longer need 777 permissions. In fact, having your scripts or the directories they reside in set to 777 will cause an “Internal Server Error 500” error when an attempt is made to execute your scripts. In PHPsuexec mode your scripts and directories can have a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else).
Files and directories will also need to be owned by your user ID and group ID. You probably don’t need to worry about this because all files you upload or create will be owned by your user ID and group ID automatically.
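A way to check an account's document root against the two rules above before the switch. This is an added example, not part of the original post; it assumes GNU find, and the function names and the docroot/owner arguments are hypothetical.

```sh
#!/bin/sh
# Added example: audit a document root for PHPsuexec's permission and
# ownership rules. Assumes GNU find (for the -perm /mode syntax).

# List files and directories whose mode exceeds 755, i.e. anything
# that is group-writable or world-writable (bits 022).
list_too_permissive() {
    find "$1" \( -type f -o -type d \) -perm /022 -print
}

# List files and directories not owned by the account user ($2).
list_wrong_owner() {
    find "$1" \( -type f -o -type d \) ! -user "$2" -print
}

# Remove only the group/world write bits; owner bits and execute
# bits are left as they were (777 becomes 755, 666 becomes 644).
tighten_perms() {
    find "$1" \( -type f -o -type d \) -perm /022 -exec chmod go-w {} +
}

# Usage: audit.sh DOCROOT [OWNER]   (report only, changes nothing)
if [ "$#" -ge 1 ]; then
    docroot=$1
    owner=${2:-$(id -un)}
    echo "Group- or world-writable (500 error under PHPsuexec):"
    list_too_permissive "$docroot"
    echo "Not owned by $owner:"
    list_wrong_owner "$docroot" "$owner"
fi
```

Review the report first; `tighten_perms` is only called when you invoke it yourself on the same directory.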
.htaccess File and PHP directives:
When PHP ran as an Apache module, you were able to manipulate the PHP settings from within an .htaccess file placed in a PHP script’s directory.
For example you could turn off the PHP setting “magic_quotes_gpc” with this line in .htaccess:
php_value magic_quotes_gpc off
With PHP running in PHPsuexec mode, manipulating the PHP settings is still possible; however, it cannot be done with the .htaccess file. Using an .htaccess file with php_value entries in it will cause an “Internal Server Error 500” error when attempting to access the scripts. This is because PHP is no longer running as an Apache module and Apache will not handle those directives any longer.
All PHP configuration settings should be removed from your .htaccess files to avoid the “Internal Server Error 500” error. Creating a php.ini file to manipulate the PHP settings will solve this issue.
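One way to carry out that cleanup, as an added example that is not part of the original post: locate the PHP directives in .htaccess files, print them in php.ini syntax, and print the .htaccess content without them. The function names are hypothetical, and php_flag lines are handled the same way as the php_value lines the post mentions.

```sh
#!/bin/sh
# Added example: move php_value / php_flag settings out of .htaccess.

# Print "file:line:text" for every PHP directive in any .htaccess
# file under the given directory.
find_php_directives() {
    find "$1" -type f -name .htaccess -exec \
        grep -HnEi '^[[:space:]]*php_(value|flag)[[:space:]]' {} +
}

# Convert the PHP directives of one .htaccess file into php.ini
# "name = value" lines (values containing spaces are kept whole).
to_php_ini() {
    awk 'tolower($1) == "php_value" || tolower($1) == "php_flag" {
        val = $3
        for (i = 4; i <= NF; i++) val = val " " $i
        print $2 " = " val
    }' "$1"
}

# Print the .htaccess content with the PHP directives removed;
# rewrite rules and other Apache directives are kept untouched.
strip_php_directives() {
    grep -vEi '^[[:space:]]*php_(value|flag)[[:space:]]' "$1" || true
}

# Usage: htaccess-audit.sh DOCROOT   (report only, changes nothing)
if [ "$#" -ge 1 ]; then
    find_php_directives "$1"
fi
```

For the line shown earlier, `to_php_ini` prints `magic_quotes_gpc = off`, which is the form to place in php.ini.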