What are the implications of enabling suPHP on a production server with live accounts on it?

Tuesday 26th July 2016 17:10
- cPanel Service

1. suPHP will enforce the running of php scripts under the account name within which they run (the same as suexec does for CGI scripts). This means that any exploit files in /tmp, etc, will be owned by the account that has been compromised and makes it easier to track.

2. It will enforce strict permissions on directories and files (they must not have world execute/write enabled on them). This can temporarily break existing scripts until you fix the directory and file permissions. (You normally need to change permissions from 777 to 755 to fix this.)

3. Any local PHP variables in .htaccess files have to be removed and added to a local php.ini file instead.

So, it can cause problems in some cases, but there are significant security benefits.

Share via

My server is live and has a lot of sites on it. Can you do your package on my server?
How do I disable or enable the MailScanner cPanel front-end for cPanel user accounts?
I have moved to a new server and wish to copy my MailScanner installation from the old server to the new one including all the settings. How do I do this?

Self-Hosted Help Desk Software by SupportPal

What are the implications of enabling suPHP on a production server with live accounts on it?

Related Articles

Categories

Tags