SuPHP

From VlexoFree Wiki

suPHP is a tool VlexoFree uses for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.

.htaccess on suPHP servers

What should my .htaccess file look like if my account is on a suPHP server?

You should remove the lines that begin with "php_value" and "php_flag". Those will cause a 500 error.

Parse .html as PHP

How can I configure Apache to treat .html files as PHP under suPHP?

You need to remove any previous entries for handling .html files as PHP and insert the following in your .htaccess file:

AddHandler x-httpd-php .html .htm

Or you can add this manually using cPanel -> Apache Handlers -> New:

Extension: .html .htm 
Handler: x-httpd-php

The newest cPanel servers actually require the following instead:

AddHandler application/x-httpd-php .html .htm 

or

AddType application/x-httpd-php .html .htm

Please try one of these if the first form doesn't work for your files.

PHP displays 500 Internal Server Error

My PHP files all display a 500 Internal server error. How can I fix this?

If you are running a PHP-based script on your site and are receiving 500 and/or 404 errors on your pages, it is likely that one or more of the following applies:

  1. The permissions on some of the folders or files are 777 or 666. If this is the case, change them to either 755 or 644 in cPanel's File Manager (or using your local FTP client).
  2. The files and/or folders are not owned by you. Certain applications that were run under PHP as an Apache module may have left files owned by the Apache user "nobody". An indication that you don't own the files is that you are unable to change their file permissions. To correct this, please contact support and provide your username, your domain, and the location of the folders or files whose ownership needs to be changed to you.
  3. Your .htaccess file has php_values or php_flags in it. This causes a 500 Internal server error when attempting to execute the script.

You can also check your error log in cPanel to find what the problem is.

The php_value and php_flag lines will need to be removed from your .htaccess file (please make a backup of the .htaccess first by copying its contents and saving them on your desktop as htaccess.txt). Take the lines removed from .htaccess and place them in a file you create called php.ini. Remember to remove the php_flag and php_value part before the directives, as php.ini files do not require those in front of the values. You can always make the changes and ask us if the changed files are correct.

Finally, to explain in depth why suPHP requires these changes to the file permissions: suPHP runs scripts with the permissions of their owners. Regular PHP executes scripts under the permissions of the system user running the web server, which means that your script runs with different permissions than your own user account. That makes it very hard to use a PHP script to modify and create files without giving everyone on the server access to your files (on regular PHP you end up providing write or execute access to group and world, even for some files). Since suPHP makes your PHP scripts run with the same permissions as your regular user account, you do not need group or world write access or execute access for files, and suPHP will even prevent files from running that are group or world writable or executable as a security precaution.

Basically, suPHP is more secure: preventing scripts from running as 666 or 777 stops group or world from maliciously writing to the files and hacking your scripts.
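
The three causes of a 500 error listed above can be checked from a shell before contacting support. The script below is an added example, not part of the original wiki page; the function names are illustrative, and it assumes you have shell access and pass your site directory (for example your public_html folder) as the argument.

```shell
#!/bin/sh
# Added example: audit a site directory for the three 500-error causes above.
# Function names are illustrative; pass your document root as the argument.

# Cause 1: files or directories writable by group or world (such as 666, 777).
find_loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Cause 2: anything not owned by the account running this script.
find_foreign_owner() {
    find "$1" ! -user "$(id -u)" -print
}

# Cause 3: php_value / php_flag lines in any .htaccess, as file:line:text.
# /dev/null forces grep to print the file name; grep's exit status 1
# ("no match") is not an error here, hence "|| true".
find_php_directives() {
    find "$1" -type f -name .htaccess -exec \
        grep -nE '^[[:space:]]*php_(value|flag)[[:space:]]' /dev/null {} + || true
}

# Reset only the loose entries: 755 for directories, 644 for files.
fix_loose_perms() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -exec chmod 755 {} +
    find "$1" -type f \( -perm -020 -o -perm -002 \) -exec chmod 644 {} +
}

suphp_audit() {
    echo "== group/world-writable =="; find_loose_perms "$1"
    echo "== not owned by $(id -un) =="; find_foreign_owner "$1"
    echo "== php_value/php_flag in .htaccess =="; find_php_directives "$1"
}

# Report only; call fix_loose_perms yourself after reviewing the output.
if [ "$#" -gt 0 ]; then suphp_audit "$1"; fi
```

Entries reported under "not owned by" cannot be fixed with chmod from your own account, which is why that case goes to support.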