What is suEXEC?
Available for Basic accounts and above, suEXEC is a feature of Apache
that allows CGI scripts to run under your pair Networks username and not as the default user “nobody.” suEXEC can protect your scripts and any files they create from other customers on your server, when used properly.
suEXEC performs a function similar to CGIwrap but with two main differences:
- It uses shorter, less complex URLs which do not reveal your account
- It is enabled on a per-domain name basis and affects every CGI script
running under that domain name.
suEXEC can lead to greater security from other customers on your server.
However, if one of your scripts under your domain name that uses suEXEC
is compromised, then the attacker could have access to all of your files, including your email files.
We recommend against using suEXEC if you are not familiar with
it or if you are running third-party scripts where you have not examined
the scripts’ source code.
Enabling suEXEC on domains that have CGI scripts already in use can cause problems if those scripts have data files that they created.
Enabling suEXEC For A Domain Name
- Log into the Account Control Center
- Click Domain Hosting Management
- Click Manage
- Click on the domain name for which you want to enable suEXEC
- Click Enable suEXEC
- On the confirmation page, confirm that you wish to enable suEXEC
Using suEXEC With PHP
By default, any PHP scripts under the domain will continue to be run under the
default user “nobody.” In order to execute PHP scripts under your pair
Networks username using suEXEC you must first switch from the default of
using the PHP Apache module, to executing PHP through CGI.
To do this, you must first connect to your account via
SSH and copy the CGI version of PHP into your own cgi-bin directory:
cp /usr/www/cgi-bin/php5.cgi ~/public_html/cgi-bin
This command may need to be changed if the domain name’s cgi-bin has been mapped to a different directory via the ACC.
Then you must create a .htaccess file in the directory where your PHP
files reside, and add these lines:
Action application/x-pair-sphp /cgi-bin/php5.cgi AddType application/x-pair-sphp .php
Once these items are in place, and suEXEC is enabled, your PHP files will now
be executed under your pair Networks username.
Certain features of the PHP module, such as sending custom
HTTP headers to the browser, are not available when PHP as run as a CGI script.
Alternatives To suEXEC
In addition to suEXEC, we offer CGIwrap, which allows you to run only specific scripts as your pair Networks username.
You can also use php-cgiwrap to run your PHP scripts under your own username.
You cannot use both suEXEC and cgiwrap/php-cgiwrap at the
same time. Attempting to do so will result in Internal Server errors for anything run though cgiwrap.