scion(host

• Home
• Web hosting
• Reseller hosting
• Support
• Signup

• Servers status
• Knowledge base
• Cpanel/WHM documentation

Knowledge base

SuExec: what it is and how it affects your scripts

What is SuExec?

For apache’s official explanation: http://httpd.apache.org/docs/suexec.html.

For a friendlier version, SuExec is a security option: all processes on a machine run as a user. Normally with cgi/perl scripts, the user used is nobody, with SuExec however, the user becomes you. SuExec allows the script to run as you and access files as you could if you were to access the files directly from FTP. When SuExec is not enabled, you would have to give world writable/readable permissions on files which isn’t safe as that would mean anyone’s script on the same server would be able to read/write to that file. SuExec enabled means that scripts can only access and manipulate the specific user’s files, not someone else’s.

How does this affect your CGI/Perl scripts?

Many of your script’s instructions will tell you to change permissions on directories the script needs to write to, to 777 (drwxrwxrwx) and files to 777 (_rwxrwxrwx) or 666 (_rw_rw_rw_). SuExec will not let scripts run or access files that have those permissions or are in directories with those permissions, as they are insecure.

Instead, any time a script tells you to change permissions to that, make the permissions for the file or directory to 755 (_rwxr_xr_x), and not what the instructions say to. Most instructions for cgi and perl scripts are made for those people on servers not running SuExec, but since you are, you have to do things like permissions a little differently.

Categories

Getting started:

• Quota overage notices
• A word about backups
• How long until my account is setup?

Cpanel control panel:

• How do I access my control panel?
• How do I access the Fantastico auto-installer?
• Awstats: Error: LogFile parameter
• Access your Cpanel before your domain has propagated
• Cron jobs: what are they, and how to use them

Webhost manager (WHM):

• Do not change the username or domain name for any of your domains
• Always let WHM finish the current process
• Do not use hyphens or underscores in usernames
• Access all accounts with the WHM password
• Setting strong passwords

Questions and tips:

• What is a DOS/Smurf Attack?

E-mail:

• Blocking all mail to an e-mail address
• What are the SMTP and POP server addresses?
• Mailing lists: limits of usage
• What happens to e-mail when the server is down: is it returned to the sender or lost?
• How do I access webmail for my account?

Domains and DNS:

• Reverse DNS on domains
• What is propagation?

FTP and files:

• What are the FTP timeout settings?
• The public_html and www directories
• What is the maximum number of FTP connections per user?
• What is the max number of files/directories I can display in FTP?
• File permissions explained

Htaccess magic:

• Turning off directory listings
• Custom error pages without using Cpanel
• Redirects

CGI, PHP and Perl:

• What is the path to..?
• Formmail: important notes
• ImageMagick
• SuExec: what it is and how it affects your scripts

Subdomains:

• Can I have a numeric subdomain? (e.g. 3029.domain.com)

SSL:

• How do i access the shared SSL certificate on my server?