Greetings,
On friday evening at 12:01am CST Sat to 2:00am CST, April 21, the servers will experince web downtime during the maintainance for the upgrade to PHPSuexec configuration with native CGI-FastCGI PHP4 and PHP5 on the servers.
One of the reasons for implementing this is that we want to offer everyone native use of PHP4 and PHP5, with options of Zend Optimizer or IonCube Loaders with Eaccelerator PHP Caching engine. It was not possible with the past implementation with PHP5 addon, and due to my work on hacking the phpsuexec patch, I was able to add the PHP5 into the patch to make it possible. So I am able to have PHP4 and PHP5 running at the same time with no conflict between both.
What is PHPsuexec?
On most Apache web servers PHP is run as an Apache module which is the default/standard method of running Apache on a web server. Because PHP runs as an Apache module all PHP applications are executed with the user ID of the web server which is usually the "nobody" user but can be set to any user ID that the system administrator wants to use. With PHPsuexec all PHP applications are executed with the user ID of the account that they are associated with and not the user ID of the Apache server.
Why are we switching to PHPsuexec?
We are switching to PHPsuexec because it improves the security and operation of the servers. Currently if an account is running malicious PHP scripts such as scripts used to send spam or cause performance issues on the server it can take a while to track down which account is causing the problem and resolve it. With PHPsuexec enabled we can find the offending account in minutes and resolve the problem caused by the offending script. PHPsuexec will also solve some of the file and directory ownership and permission problems that some of you have had with various PHP applications (mainly the CMS applications like Joomla and Drupal but other applications have the same issues).
PHPsuexec Details to Keep in Mind:
File/Directory Permissions and Ownership
When PHP runs as an Apache Module it executes with the user ID and group ID of the web server which is usually "nobody". In this mode, files or directories that you require your php scripts to write to need to have 777 permissions (read/write/execute at user/group/world level). This is not secure because besides allowing the Apache and the PHP application to write to the file it also allows anyone else to read or write to the file if they figure out were to look and want to do so.
With PHP running in PHPsuexec mode your php scripts now execute with your user ID and group ID. Files or directories that you require your php scripts to write to no longer need to have 777 permissions. In fact, having your scripts or the directories they reside in set to permissions of 777 will cause an "Internal Server Error 500" error when an attempt is made to execute your scripts. In PHPsuexec mode your scripts and directories can have a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else).
Files and directories will also need to be owned by your user ID and group ID. You probably don't need to worry about this because all files you upload or create will be owned by your user ID and group ID automatically.
.htaccess File and PHP directives
When PHP is run as an Apache Module mode you were able to manipulate the PHP settings from within an .htaccess file placed in a PHP script's directory.
For example you could turn off the PHP setting "magic_quotes_gpc" with this line in .htaccess:
php_value magic_quotes_gpc off
With PHP running in PHPsuexec mode manipulating the PHP settings is still possible however it can not be done with the .htaccess file. Using an .htaccess file with php_value entries in it will cause an "Internal Server Error 500" error when attempting to access the scripts. This is because PHP is no longer running as an Apache module and Apache will not handle those directives any longer.
All PHP configuration settings should be removed from your .htaccess files to avoid the "Internal Server Error 500" error. Creating a php.ini file to manipulate the PHP settings will solve this issue.
What is a php.ini file and how do I go about making one?
The php.ini file is a configuration file that PHP looks at to see what options have been set that are different from the default settings that we have configured for the server. While the name may seem advanced to those unfamiliar with it it's simply a text file with the name php.ini
To create a php.ini file, just open up a text editor, add in the lines you need for the configuration settings you need to change from the default and save the file. You can name the file whatever you wish when saving. Once you are done creating and editing the file, upload the file to the directory where your script is located and then rename it to php.ini
For example you can turn off the PHP setting "magic_quotes_gpc" with this line in php.ini:
magic_quotes_gpc = off
Troubleshooting
What to do if your PHP script doesn't work or if you receive an error message.
1. Check that the PHP script that you are attempting to execute has permissions of no more than 755. Permissions set to 644 will work just fine normally, this is not something that will need to be changed in most cases.
2. Check that the permissions of the directory that the script resides in are set to a maximum of 755. This also includes directories that the script would need to have access to also.
3. Check that you do not have an .htaccess file with php_values configuration statements in it. If you have an .htaccess file with php_values statements in it it will cause an "Internal Server Error 500" error when attempting to execute the script.
The php_values statements will need to be removed from your .htaccess file and a php.ini file will need to be put into the directory that the PHP script resides in containing the php directives as explained above.
4. To run PHP5 applications, you have to define in your .htaccess this line as follows:
AddHandler application/x-httpd-php5 .php
This will change the behavior of the webserver to use PHP5 instead of PHP4 to serve your pages.
5. Standard PHP.ini configuration will have register_globals set as Off, so you will need to set your php.ini to have register_globals=On to have that enabled for your site. That will override the default php.ini configuration with your settings to have your site run properly.
6. CLI version of PHP4 and PHP5 - cli version of php4 is named as php while the CLI version of php5 is named as php5 to avoid issues of running php in commandline between both versions.
PHP4 CLI - /usr/bin/php
PHP5 CLI - /usr/local/bin/php5
Partager