1. Home
  2. Authoring and Development
  3. What is suEXEC and How do I Use It?

What is suEXEC and How do I Use It?




What is suEXEC?

SuEXEC is a feature of Apache that allows CGI scripts to run under your Pair Networks username and not as the default user "nobody." suEXEC can protect your scripts and any files they create from other customers on your server when used properly.

suEXEC performs a function similar to CGIwrap but with two main differences:

  • It uses shorter, less complex URLs which do not reveal your account username.
  • It is enabled on a per-domain name basis and affects every CGI script running under that domain name.

suEXEC can lead to greater security from other customers on your server. However, if one of your scripts under your domain name that uses suEXEC is compromised, then the attacker could have access to all of your files, including your email files.

We recommend against using suEXEC if you are not familiar with it or if you are running third-party scripts where you have not examined the scripts' source code.

Enabling suEXEC on domains that have CGI scripts already in use can cause problems if those scripts have data files that they created.

Enabling suEXEC for a Domain Name

This tutorial is only needed for legacy accounts (Basic, Advanced, Webmaster, and Developer). On current Shared hosting packages, suEXEC is enabled by default.

  1. Log into the Account Control Center (ACC)
  2. In the left sidebar, click Domains
  3. In the drop-down, click Manage Your Domain Names
  4. Click on the domain name for which you want to enable suEXEC
  5. Scroll down the page until you find the "suEXEC" section. Click the Enable suEXEC button
  6. On the confirmation page, confirm that you wish to enable suEXEC

Using suEXEC with PHP

By default, any PHP scripts under the domain will continue to be run under the default user "nobody."

In order to execute PHP scripts under your Pair Networks username using suEXEC, you must first switch from the default of using the PHP Apache module, to executing PHP through CGI.

To do this, you must first connect to your account via SSH and copy the CGI version of PHP into your own cgi-bin directory. For more information about connecting to your account via SSH, see our How to Connect to Your Account with SSH article.

Use the following command in the command line after you have established an SSH connection:

cp /usr/www/cgi-bin/php7.cgi ~/public_html/cgi-bin

This command may need to be changed if the domain name's cgi-bin has been mapped to a different directory via the ACC.

Then you must create a .htaccess file in the directory where your PHP files reside and add these lines:

Action application/x-pair-sphp /cgi-bin/php7.cgi
AddType application/x-pair-sphp .php

Once these items are in place, and suEXEC is enabled, your PHP files will be executed under your Pair Networks username.

Certain features of the PHP module, such as sending custom HTTP headers to the browser, are not available when PHP as run as a CGI script.

Alternatives to suEXEC

In addition to suEXEC, we offer CGIwrap, which allows you to run only specific scripts as your Pair Networks username.

You can also use php-cgiwrap to run your PHP scripts under your own username.

You cannot use both suEXEC and cgiwrap/php-cgiwrap at the same time. Attempting to do so will result in Internal Server errors for anything run though cgiwrap.

Updated on October 21, 2021

Was this article helpful?

Related Articles

Need Support?
Can't find the answer you're looking for?
Contact Support