ESDS Knowledge Base

09 Dec

What does PHP suEXEC refer to?

Introduction

PHPSuexec is the shortened term often used to describe running PHP as a CGI under suEXEC. Running PHP as a CGI under suEXEC creates a much more secure environment than running PHP as an Apache module. Below we describe the differences between the two ways of running PHP, with examples of how security differs between them.

On many Apache servers, PHP runs as the generic user nobody. This means that all your PHP scripts are readable and writable by all users on the server. With phpSuExec enabled, your PHP scripts execute under your own username, so files or directories that your PHP scripts write to no longer need 777 permissions.

suPHP is a program that controls who can access certain files. The earlier version was PHPsuExec, but it is quickly being replaced by suPHP; the two do basically the same thing.

What is it?

It starts with scripts. Scripts are programs that run on your server and give your website or blog the ability to process information that can be stored or displayed when requested. The WordPress blogging software is a script.

When PHP runs as an Apache module, PHP files work under the Apache user/group known as “nobody”. For example, when a PHP file needs to write to another file or create/remove a file, it does so as “nobody”. To allow “nobody” to do this, you need to set specific permissions on the file/directory, such as 777, which translates to read/write/execute for user, group and world. This is insecure because you have not only allowed the web server (Apache) to read and write the file, you have also allowed everyone else on the server to read and write it as well!

You can find out whether your server is running suPHP or PHPsuExec as follows: if you set the permissions on a folder to 777 and get a 500 Internal Server Error, your server might be running suPHP or PHPsuExec, but the error could also come from the script itself. Your best bet is to ask your hosting service whether it is.
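As an added example (not part of the ESDS article), the following POSIX shell audit finds the 777/666 permissions described above and drops the world-write bit that suPHP/PHPsuExec no longer needs; the WordPress-style paths are constructed sample data, not a real site.

```shell
#!/bin/sh
# Added example, not from the ESDS article: audit a document root for the
# world-writable modes that mod_php setups needed (777 dirs, 666 files) and
# that suPHP/PHPsuExec setups reject with a 500 Internal Server Error.

# List every file or directory under $1 whose mode grants write to "other".
# -perm -0002 is POSIX and matches 777, 666, 757, etc.; prints nothing if clean.
find_world_writable() {
    find "$1" -perm -0002 -print | sort
}

# Number of world-writable entries under $1 (used by callers and tests).
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# Under suPHP the scripts run as the account owner, so "other" never needs
# write access: remove only that bit and leave owner/group modes untouched.
harden_for_suphp() {
    find "$1" -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample docroot in a temp dir: one 777 uploads directory
# and one 666 cache file, the classic "make it writable for nobody" fix.
make_sample_docroot() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads" "$d/wp-content/themes"
    printf '%s\n' '<?php echo "hello";' > "$d/index.php"
    : > "$d/wp-content/uploads/cache.dat"
    chmod 755 "$d" "$d/wp-content" "$d/wp-content/themes"
    chmod 644 "$d/index.php"
    chmod 777 "$d/wp-content/uploads"
    chmod 666 "$d/wp-content/uploads/cache.dat"
    printf '%s\n' "$d"
}

# Demo: ./audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample_docroot)
    echo "World-writable before hardening:"
    find_world_writable "$root"
    harden_for_suphp "$root"
    echo "World-writable after hardening: $(count_world_writable "$root")"
    rm -rf "$root"
fi
```

Run it against a real document root with `find_world_writable /path/to/public_html` before applying `harden_for_suphp`, so you can see which entries a suPHP migration would otherwise break with a 500.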
