Authoring/Development - Using suEXEC
What is suEXEC?Available for Basic accounts and above, suEXEC is a feature of Apache that allows CGI scripts to run under your pair Networks username and not as the default user "nobody." suEXEC can protect your scripts and any files they create from other customers on your server, when used properly.
suEXEC performs a function similar to cgiwrap but with two main differences:
- It uses shorter, less complex URLs which do not reveal your account username.
- It is enabled on a per-domain name basis and affects every CGI script running under that domain name.
suEXEC can lead to greater security from other customers on your server. However, if one of your scripts under your domain name that uses suEXEC is compromised, then the attacker could have access to all of your files, including your e-mail files.
We recommend against using suEXEC if you are not familiar with it or if you are running third party scripts where you have not examined the scripts' source code.
Enabling suEXEC on domains that have CGI scripts already in use can cause problems if those scripts have data files that they created.
Enabling suEXEC For A Domain Name
- Log into the Account Control Center
- Click "Domain Hosting Management"
- Click "Manage"
- Click on the domain name for which you want to enable suEXEC
- Click "Enable suEXEC"
- On the confirmation page, confirm that you wish to enable suEXEC
Using suEXEC With PHPBy default, any PHP scripts under the domain will continue to be run under the default user "nobody." In order to execute PHP scripts under your pair Networks username using suEXEC you must first switch from the default of using the PHP Apache module, to executing PHP through CGI.
To do this, you must first connect to your account via SSH and copy the CGI version of PHP into your own cgi-bin directory:
cp /usr/www/cgi-bin/php5.cgi ~/public_html/cgi-bin
(Note that this command may need to be changed if the domain name's cgi-bin has been mapped to a different directory via the ACC.)
Then you must create a .htaccess file in the directory where your PHP files reside, and add these lines:
Action application/x-pair-sphp /cgi-bin/php5.cgi
AddType application/x-pair-sphp .php
Once these items are in place, and suEXEC is enabled, your PHP files will now be executed under your pair Networks username.
Please note that certain features of the PHP module, such as sending custom HTTP headers to the browser, are not available when PHP as run as a CGI script.
Alternatives To suEXECIn addition to suEXEC, we offer cgiwrap, which allows you to run only specific scripts as your pair Networks username. You can also use php-cgiwrap to run your PHP scripts under your own username.
Please note that you cannot use both suEXEC and cgiwrap/php-cgiwrap at the same time. Attempting to do so will result in Internal Server errors for anything run though cgiwrap.