PHP SuEXEC mode

suEXEC is an Apache execution method for CGI and SSI programs that makes executing PHP scripts more secure by running each PHP process as the owner of a particular account instead of as the user running the web server. This means that even if one user on a server is compromised, PHP scripts run from their accounts will not have access to other users' files. suEXEC has long been a basic feature in shared hosting environments.

LiteSpeed Web Server is capable of using this execution method directly when configured to read Apache configuration files. When running LiteSpeed Web Server (native),a similar implementation, called ExtApp Set UID Mode, is available at the Virtual Host level. suEXEC like behavior can also be achieved at the External Application level using the Run as User and Run as Group settings.

PHP SuEXEC enabled on control panel by default

If you run shared hosting services with a control panel, it is necessary to use SuEXEC mode for security reasons. Our LSWS installation script will enable PHP SuEXEC by default for all control panels hence LSWS will run PHP SuEXEC out of the box. In SuEXEC mode, each PHP process will run as the owner of the virtual host's document root.

To manually enable SuEXEC on LSWS for cPanel, Plesk, or another control panel, Configuration > Server > General > Using Apache Configuration File > PHP suEXEC should be set to Yes. However, Enabling PHP suEXEC for the control panels is default setup during the installation and you have no need to manually change it here. Once it is set, generally you should not make change anymore to avoid permission problem, since PHP SuEXEC will generally run as user:user while non-PHP SuEXEC will run as nobody:nobody.

Enable PHP SuEXEC for LiteSpeed Web Server (Native) or OpenLiteSpeed

To enable SuEXEC for LSWS native or on OpenLiteSpeed, you will need to create external apps (name should be unique and different than server level external apps and other virtual host external apps, for example, lsphp_$vhost; also set it to run as username:usergroup to implement PHP SuEXEC) and script handler pointing to the newly created external app under each virtual host.

PHP Process Modes: ProcessGroup/Daemon/Worker

LiteSpeed Web Server offers a number of different PHP process modes for the various needs and goals of shared hosting providers: ProcessGroup mode, Daemon mode, and Worker mode.

Which PHP setup am I using?

LiteSpeed Web Server comes with a number of PHP process modes. Less experienced users may be confused as to which PHP setup they are using. Follow the steps in this wiki to determine which PHP setup you're using.

suEXEC or non-suEXEC?

  • Is the PHP suEXEC setting set to Yes or User's Home Directory Only? If so, then you are using suEXEC. If not, then you are not using suEXEC.

Which process mode am I using?

Config PHP and suEXEC in Cpanel

 
litespeed_wiki/php/which_php_setup_am_i_using.txt · Last modified: 2018/09/24 16:12 by Michael Alegre