Howto: Enable SuPHP/phpSuExec on linux cPanel server?

Simple steps to install and enable SuPHP on a cPanel server OR Steps to install phpSuExec on a Linux Server

SuPHP Or PHPSuExec is a module that increases the security of the server and executes PHP files under the owner of the file instead of the Apache user i.e. nobody.

The advantages of having suPHP

1. Files or Directories those need 777 permissions to write into will no longer need those permissions and will result in an “Internal Server Error” The maximum permissions a directory or a file will need is 755 so it won’t be world writable anymore.

2. You need to place all the php directives for ex. safe_mode in the php.ini of a domain instead of .htaccess as it will result in an “Internal Server Error”.

3. All the files and directories that will be uploaded using a script will have the ownership of the owner instead of ‘nobody’ (i.e. the Apache user).

4. You will be able to edit/remove the files that are uploaded using scripts using Ftp.

5. The directives placed in a php.ini of an account will only effect the directory it is placed and won’t effect recursively as opposed to .htaccess.

Below are the steps to install SuPHP on server also verify if its installed correctly or not

1. Installing SuPHP using easyapache script OR “Apache Update” option in WHM. Login to your server as root and execute the easyapache script:

/scripts/easyapache

Once you execute the command, it will open a new screen asking you to select various options. On the first screen, you have to select the profile. You can use the default settings and select “Start customizing based on profile”. You then have to select the Apache version, then the PHP version on the next screen.

On the 5th screen, it will list different modules and the first one is “Mod SuPHP”. Select the modules using space bar and select “Save and Build”. All the previous options along with Suphp module will be compiled again. It will take around 30 minutes to complete the easyapache  process.

2. Enable SuPHP. Once the installation completes, you have to enable SuPHP to make it work. To enable SuPHP, simply execute the following command:

/usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1

where,

5, is PHP version 5.
none, is we do not need PHP4.
suphp, is we need to enable suphp
1, is we need Apache Suexec enabled.

Once you execute the command, you can verify the configuration using:

/usr/local/cpanel/bin/rebuild_phpconf –current
Available handlers: suphp dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled

Once you see ’suphp’ in front of PHP5, restart the Apache service for the changes to take effect.

service httpd restart

3. Now you need to check if SuPHP is really working or not. Now create one php info page with name phpinfo.php and set permission 777

touch /home/user/public_html/phpinfo.php
chmod 777 /home/user/public_html/phpinfo.php

You should see  “Internal Server Error” on browsing the file. If you see it means, SuPHP is working so make sure files/directories are owned by owner and permissions should be no more than 755.

The log file resides at:

/usr/local/apache/logs/suphp_log

Hope this will really help to you