Howto: Enable SuPHP/phpSuExec on a cPanel server?

How to install and enable SuPHP on a cPanel server OR
How to install phpSuExec on a Linux Server?

SuPHP Or PHPSuExec as most people call is a module that increases the security of the server and executes PHP files under the owner of the file instead of the Apache user i.e. nobody. The advantages of having suPHP are:

1. Files and Directories those need 777 permissions to write into will no longer need those permissions and will result in an “Internal Server Error” The maximum permissions a directory or a file will need is 755 so it won’t be world writable anymore.

It helps to track down spammers if bulk emails are sent out via a PHP script since the script will be executed under the users UID/GID level and not nobody.

2.You need to place all the php directives for ex. safe_mode in the php.ini of a domain instead of .htaccess. You have to create a separate php.ini for the account and manipulate the values of php directives. If they are placed in .htaccess it will result in an “Internal Server Error”.

3. All the files and directories uploaded via the browser will have the ownership of the user they are uploaded under instead of ‘nobody’.

4.You will be able to edit/remove the files which are uploaded via the browser using Ftp.

5. The directives placed in a php.ini of an account will only effect the directory it is placed and won’t effect recursively as opposed to .htaccess.

Below is a small guide on installation, activation and verification of SuPHP on a cPanel server:

1. Installing SuPHP using easyapache script OR “Apache Update” option in WHM. Login to your server as root and execute the easyapache script:

# /scripts/easyapache

Once you execute the script, it will open a new screen asking you to select various options. On the first screen, you have to select the profile. You can use the default settings and select “Start customizing based on profile”. You then have to select the Apache version, then the PHP version on the next screen.

On the 5th screen, it will list different modules and the first one is “Mod SuPHP”. Select the modules using space bar and select “Save and Build”. All the previous options along with Suphp module will be compiled again. It will take around 30 minutes to complete the compilation process.

2. Enable SuPHP. Once the installation completes, you have to enable SuPHP to make it work. To enable SuPHP, simply execute the following command:

# /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1

where,

5, is PHP version 5.
none, is we do not need PHP4.
suphp, is we need to enable suphp
1, is we need Apache Suexec enabled.

Verify the new configuration:

# /usr/local/cpanel/bin/rebuild_phpconf --current
Available handlers: suphp dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled

If you see ‘suphp’ in front of PHP5, it’s time to restart the Apache service for the changes to take effect.

service httpd restart

3. Verify if SuPHP is working. Create a php file say phpinfo.php under an account and set the permissions to 777.

touch /home/user/public_html/phpinfo.php
chmod 777 /home/user/public_html/phpinfo.php

You should see a “Internal Server Error” on browsing the file. If you do, SuPHP is working so make sure files/directories are owned by owner and permissions should be no more than 755.

The log file resides at:

/usr/local/apache/logs/suphp_log

Hope this article helps you to enable SuPHP from the command line.

Related Links:
How to install/enable SuPHP on a Plesk server?

This entry was posted on Wednesday, November 11th, 2009 and is filed under cPanel Management. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

One Response to “Howto: Enable SuPHP/phpSuExec on a cPanel server?”

  1. fore_xstra_tegy

    I am definitely bookmarking this page and sharing it with my friends.

    🙂