03-19-2005, 04:16 PM
|
|
|
Join Date: Jul 2004
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили:
0 раз(а) в 0 сообщениях
|
|
What the heck... phpsuex?
After contacting my host about the problem I was having here I got this responce:
Quote:
================================================== ===
phpsuexec ensures that all php scripts are run under the username of the person\'s website. For example, if your main login name is \"domain\", then all your php Scripts will be run as \"domain.\"
This not only makes it easier for us to track what scripts are running and who they belong to...it also allows us to monitor that usage. It also makes it easier to track who is sending which emails to where in an effort to curb spam which can lead to blacklisting of our server IPs. It also adds security features for you, the client in that phpsuExec limits who can modify which files and prevents \"session data hijacking\" when temporary files are stored on the server.
Normally under these circumstances, you would need to update all your PHP scripts to include an \\\"interpreter line\\\" such as:
#!/usr/bin/php
If you have ever coded Perl scripts you should be familiar with this format of \\\"she-bang\\\" line
For php to run under suExec, it must be run as a CGI script.
Under normal circumstances this would be time consuming. This is where phpSuExec comes in. This will automatically add the interpreter line when your php script is run, saving you from the hassle of adding the interpreter line as explained above.
phpSuExec makes sure the scripts abide by these rules, again increasing the security and preserving the speed and integrity of our servers.:
# User executing the wrapper must be a valid user on the server.
# The command that the request wishes to execute must not contain a /.
# The command being executed must reside under the user's web document root (public_html).
# The current working directory must be a directory.
# The current working directory must not be writeable by group or other.
# The command being executed cannot be a symbolic link.
# The command being executed cannot be writeable by group or other.
# The command being executed cannot be a setuid or setgid program.
# The target UID and GID must be a valid user and group on this system.
# The target UID and GID to execute as, must match the UID and GID of the directory.
# The target execution UID and GID must not be the privileged ID 0.
# Group access list is set to NOGROUP and the command is executed.
All this means is that you need to ensure that your php scripts can not be overwritten by \\\"group\\\" and \\\"other/world\\\" users (so in your \\\"FTP File Permissions\\\" selection box - ensure that the WRITE boxes for \\\"group\\\" and \\\"other/world\\\" are NOT ticked/selected). If your FTP client shows the permissions as a set of numbers, then the \\\"maximum permission level\\\" to 755. We recommend you use levels of 755 and 644.
As an added security measure, the directory the script is in should have a maximum permission of 755.
If you have php applications/scripts that have directories set to 777, (required to write to them under php/apache module), they would need to be changed to 755.
All PHP values should be removed from your .htaccess files to avoid any complications. Adding a php.ini file in its place will solve this issue.
What is a php.ini file? The php.ini file is a configuration file that the server looks at to see what options have been modified from the default server configuration. While the name may seem advanced to those unfamiliar with it, it\\\'s simply a text file with the name php.ini.
To create a php.ini file, just open up a text editor (such as Notepad, Wordpad - or even use the Cpanel FileManager option to create a new file), add in the lines you need and save the file. You can name the file whatever you wish when saving. Once done, upload the file to the directory where the script you\\\'re using is being accessed from and then rename it to php.ini
EX: if you had the setting
php_value some_directive
in .htaccess, your new php.ini file should have
some_directive=On
You then set the file permissions to \\\"600\\\" (which will allow you to read and write to the file, but will block Apache from displaying it) and as an added security measure you could add the following in a .htaccess file (such as /public_html/.htaccess) to block access:
Order deny,allow
Deny from All
If you continue to have errors after making the necessary adjustments, please let us know.
Jav
https://bliksupport.com/helpdesk
http://bliksterhq.com
This email message and any attachment(s) are for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you have received this email message in error, please delete it from your files and notify the sender immediately. Thank you in advance for your attention to this request and your compliance.
|
What does this mean? Am I really going to have to edit every file?
Are there any vBulletin friendly shared hosting solutions out there?
|