PHP LSAPI suEXEC Daemon Mode

PHP LSAPI 6.0 introduced one of LSAPI's most important advances — suEXEC Daemon mode. suEXEC Daemon mode allows for faster, more efficient PHP processing in shared hosting.

What is suEXEC?

suEXEC makes PHP more secure by running each PHP process as the owner of a particular account and not as the web server user. This means that even if one user on a server is compromised, PHP scripts run from their account will not have access to other users' files. suEXEC has long been a basic feature of shared hosting.

What is suEXEC Daemon mode?

suEXEC Daemon mode keeps all the security of suEXEC, but improves performance by forking new processes from a constantly running parent process as opposed to creating completely new processes.

Benefits


Faster process generation

Forking child processes is faster than creating new processes because it has less overhead.

Effective opcode caching

Opcode cache stores compiled PHP scripts and variables, allowing for faster PHP response. But opcode cache memory can only be shared among child processes forked off the same parent process and it is flushed when the process ends. Because many suEXEC implementations start PHP processes as standalone processes, each standalone process is allocated its own opcode cache memory, giving only a tiny window for caching before the memory flushes. In suEXEC Daemon mode, opcode cache memory is shared by all PHP processes and won’t be flushed. This allows for a larger opcode cache memory block which is flushed less frequently, leading to a far improved cache hit rate.

Comparison to other setups


Apache/nginx setups

vs. suPHP

suPHP is the standard suEXEC setup for Apache.

  • All LiteSpeed suEXEC modes (Worker, Daemon, and ProcessGroup) are far faster than suPHP because suPHP uses CGI. CGI is much, much slower than LiteSpeed's LSAPI.
  • suPHP creates a new standalone process for each PHP process. As explained above, creating these new processes requires overhead, is time-consuming, and prevents the effective use of opcode cache.
vs. PHP-FPM Pools

PHP-FPM was created for Apache and other web servers to make use of FastCGI with PHP.

  • FastCGI is speedier than CGI, but, our benchmarks show, LSAPI is still about 20% faster than FCGI.
  • To get security similar to suEXEC from PHP-FPM, you have to manually set up pools of processes for each user.
  • These pools always leave at least one process in each pool running, meaning wasted system resources even when a particular user's sites are not being accessed. This is especially a problem for servers with many users and thus many pools.
  • suEXEC Daemon mode is automatically set up to run processes as the site owner, makes great use of opcode caching, and spawns processes dynamically, using resources when and where you need them.

Other LiteSpeed setups

Consult our guide to different LiteSpeed suEXEC setups

Limitations


suEXEC Daemon mode does not allow a customized per-user php.ini. If a user has a customized php.ini, LiteSpeed Web Server will automatically switch to suEXEC Worker mode (LiteSpeed's default suEXEC setup) at the server level.

Because of the incompatibility with custom php.ini's, suEXEC Daemon mode is not compatible with CloudLinux's PHP Selector.

Configuration


To set up suEXEC Daemon mode, you need only adjust your server-level LSPHP external application settings in the WebAdmin console > Configuration > External App > your LSPHP external application:

  1. Set Auto Start to "Yes".
  2. Set Run On Start Up to "suEXEC Daemon".

STAY CONNECTED