  1. #1
    Join Date
    Jul 2007
    Posts
    4
    Plugin Contributions
    0

    phpsuexec question

    Hello,

    We had to disable phpsuexec on the server in order for Zen Cart to work. By doing this, doesn't it give other users on the server access to specific directories, like the images upload directory, which requires its permissions to be set to 777 in order for one to be able to upload to it from within the admin control panel while adding products? We're just concerned that this can be a big security problem on the server.

    Any input/suggestions are greatly appreciated.

  2. #2
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Re: phpsuexec question

    Zen Cart runs fine under phpsuexec
    Zen cart PCI compliant Hosting

  3. #3
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,761
    Plugin Contributions
    9

    Re: phpsuexec question

    Quote Originally Posted by Merlinpa1969
    Zen Cart runs fine under phpsuexec
    Ditto that
    Zen-Venom Get Bitten

  4. #4
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Re: phpsuexec question

    Although true that ZenCart or any other script will work just fine with phpsuexec enabled, it is important to note that much work must be done when making the switch -- from PHP as an Apache Module to PHP as CGI.

    With that said, you can greatly increase the security of your 'images' dir. no matter how PHP is run, by using the following code in the '.htaccess' file within your images dir.

    # Prevent directory viewing and the ability of any scripts to run.
    # No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
    Options -Indexes -ExecCGI


    The above protects your 'images' dir. and all sub-directories within it, no matter what directory permissions are used. Handy when one has forgotten to change permissions, from 777 to 755, after doing some work.

  5. #5
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Re: phpsuexec question

    Rob, it didn't take a lot of work
    renamed the user and group, set www permissions to 755
    then manually changed file and folder permissions from 777 to 755 and 644 to 444
    Zen cart PCI compliant Hosting

  6. #6
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Re: phpsuexec question

    For changing one account it's not much work at all.

    However, when one is changing a Server full of accounts that were previously using PHP as an Apache Module, much more needs to be done and that is what I was referring to.

    As you know, the following has to be applied to all accounts.

    - change all files & directories owned by 'nobody' to the individual username
    - change all directories with 'whatever' permissions to 755
    - change all files with 'whatever' permissions to 644 : except *.cgi & *.pl of course
    - remove from within all .htaccess files, Apache directives related to PHP
    - various cleanup here 'n there

    Having done this myself, I know it is a big job but one needs to make sure things are done right else Web sites will not work.
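
An added example, not code from the thread or from Zen Cart: a read-only shell audit that checks one account's web root against the checklist in the post above (ownership, 755 directories, 644 files except *.cgi and *.pl, PHP directives left in .htaccess). The function names, the finding labels and the sample tree are assumptions made for illustration, as is limiting the .htaccess check to php_value and php_flag.

```shell
#!/bin/sh
# Read-only audit of one account's web root against the checklist above.
# Prints "KIND<TAB>path" for each finding and changes nothing on disk.

audit_suexec_tree() {
    root=$1    # document root to inspect
    owner=$2   # user name or numeric uid that should own every entry

    # 1. Entries still owned by someone else (e.g. 'nobody' from mod_php).
    find "$root" ! -user "$owner" -exec printf 'OWNER\t%s\n' {} \;

    # 2. Directories whose mode is not exactly 755 (catches leftover 777).
    find "$root" -type d ! -perm 755 -exec printf 'DIRMODE\t%s\n' {} \;

    # 3. Files whose mode is not exactly 644; *.cgi and *.pl are exempt
    #    in the checklist because they need the execute bit.
    find "$root" -type f ! -name '*.cgi' ! -name '*.pl' ! -perm 644 \
        -exec printf 'FILEMODE\t%s\n' {} \;

    # 4. .htaccess files that still carry mod_php directives. Matching only
    #    php_value / php_flag is an assumption about "related to PHP".
    find "$root" -type f -name .htaccess \
        -exec grep -Eil '^[[:space:]]*php_(value|flag)[[:space:]]' {} + |
    while IFS= read -r f; do printf 'HTACCESS\t%s\n' "$f"; done
}

# Constructed sample tree (not from the thread) with one problem per check
# that an unprivileged user can reproduce; prints the tree's path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/images/uploads" "$t/cgi-bin"
    printf 'php_flag register_globals off\n' > "$t/.htaccess"
    printf 'Options -Indexes -ExecCGI\n' > "$t/images/.htaccess"
    : > "$t/index.php"; : > "$t/images/logo.gif"; : > "$t/cgi-bin/form.pl"
    chmod 755 "$t" "$t/images" "$t/cgi-bin" "$t/cgi-bin/form.pl"
    chmod 644 "$t/.htaccess" "$t/images/.htaccess" "$t/index.php"
    chmod 777 "$t/images/uploads"   # leftover world-writable upload dir
    chmod 666 "$t/images/logo.gif"  # leftover world-writable file
    printf '%s\n' "$t"
}

# Usage: sh audit.sh /path/to/docroot username
if [ "$#" -eq 2 ]; then audit_suexec_tree "$1" "$2"; fi
```

An empty report means the tree already matches the checklist; the OWNER check only produces output when the audit is run against files owned by a different user than the one named.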

  7. #7
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Re: phpsuexec question

    lol yea we have done it on 3 servers so far
    Zen cart PCI compliant Hosting

 

 
