Web Hosting Forum | Lunarpages

Author Topic: suPHP, Inherited php.ini, & 500 Internal Server Errors  (Read 26969 times)

Priest

  • Guest
suPHP, Inherited php.ini, & 500 Internal Server Errors
« on: October 08, 2004, 02:47:49 AM »
This is a consolidated post and adds new information about suPHP.

First, Inherited php.ini and .htaccess:

With the new suPHP that is being installed on the servers, you will find that if you leave the php values in the .htaccess file, you get a 500 Internal Server Error.

The workaround for this is to create a new file called php.ini. This file is identical in syntax to the server's main php.ini file and houses all the customizations you want for your site. The downside is that this file is not inherited as the php values in .htaccess were, it only effects the directory it is located in.

In order to get the values in your php.ini to be inherited by all the subdirectories, you will need to add the following lines to the .htaccess file in your public_html folder:

Code: [Select]
suPHP_ConfigPath /home/username/public_html
<Files php.ini>
order allow,deny
deny from all
</Files>

This will make php look for a php.ini file in the public_html folder. It is important to leave off the trailing slash and to not specify a filename, the file must be called php.ini.  If you need different php settings in a particular folder, then simply place a php.ini file in that folder and it will override the main php.ini in the public_html folder.  The <Files> section ensures that no one can view the php.ini file from the internet.
« Last Edit: May 29, 2006, 02:42:32 PM by Priest »

Priest

  • Guest
suPHP, Inherited php.ini, & 500 Internal Server Errors
« Reply #1 on: October 09, 2004, 07:21:26 AM »
Second, suPHP and Temporary URLs (http://server.lunarpages.com/~user):

PHP will not work with the Temporary URLs that we provide before a site's nameservers are changed to ours (ASP and JSP are similarly affected and the following will work for them as well).  You can send an email to support@lunarpages.com and request a temporary subdomain or you can add an entry to your computer's DNS resolver file.  Both will accomplish the same goal, though with the latter you do not have to wait and can change it at any time.  

Before beginning, you will need to know the server that your account is on and that server's IP address.  The server you are on can be found in the Account Information email sent to you when the account was confirmed.

If you are not familiar with how to perform a lookup, please go here: http://centralops.net/co/ and click on NSLOOKUP on the Left column.  Then type in the server that your account is on where it says domain and click the go button.  The result will provide the IP address, here is an example using hydra.lunarpages.com
Code: [Select]
Answer records
name class type data time to live
hydra.lunarpages.com IN A 64.235.234.13 1800s (30m)
In the above example, 64.235.234.13 is the IP address of the server.

I have listed numerous Operating Systems below and where the resolver file is located.  If you use one that is not listed, PM me and I will add it:

Windows 95/98/ME
- Filename = hosts
- Location = x:\Windows

Windows 2000
- Filename = hosts
- Location = x:\WINNT\System32\Drivers\Etc

Windows XP
- Filename = hosts
- Location = x:\Windows\System32\Drivers\Etc

Mac OS X 10.x
- Filename = hosts
- Location = /etc

Linux (All distros I am aware of)
- Filename = hosts
- Location = /etc

Unix (All distros I am aware of)
- Filename = hosts
- Location = /etc

1.)  Open the hosts file using Notepad, VI, or similar text editor.  Do not use a word processor.

2.)  Your file should contain the following line:
Code: [Select]
127.0.0.1       localhost
3.)  Add your server and domain information so that it looks like this:
Code: [Select]
127.0.0.1       localhost
64.235.234.13   yourdomain.com
64.235.234.13   www.yourdomain.com
Being sure to replace 64.235.234.13 with the IP address of the server your account is on.

4.)  Create, upload and test your site.  You will not be able to access your regular site while this file is modified as above.

5.)  When testing is complete, remove the line that you added to the hosts file and change your nameservers as you normally would.

Priest

  • Guest
suPHP, Inherited php.ini, & 500 Internal Server Errors
« Reply #2 on: October 09, 2004, 07:21:46 AM »
Third, Permissions:

With suPHP, you should not have any php scripts with permissions set to 666 or 777, this can result in a 500 Internal Server Error.  To explain why suPHP requires these changes to the file permissions, please note that suPHP runs scripts with the permissions of their owners. Regular PHP executes scripts under the permissions of the system user running the web server, which means that your script runs with different permissions than your own user account and makes it very hard to use a PHP script to modify and create files without giving everyone on the server access to your files (this means that on regular PHP you provide write or execute access to group and world even for some files). Since suPHP makes your PHP scripts run with the same permissions as your regular user account, you do not need group or world write access or execute access for files and suPHP will even prevent files from running that are group or world writable or executable as a security precaution.
 
666 equals the following:
 
Code: [Select]
Mode     User   Group   World
Read     4      4       4 (all checked)
Write    2      2       2 (all checked)
Execute(none checked)


This makes group and world able to write to the file, a security risk
 
777 equals the following:
 
Code: [Select]
Mode     User   Group   World
Read     4       4      4 (all checked)
Write    2       2      2 (all checked)
Execute  1       1      1 (all checked)

 
This makes group and world able to write and execute the file, a very large security risk.
 
Basically, suPHP is more secure, and preventing scripts from running as 666 or 777 prevents group or world from maliciously writing to the files and hacking your scripts.

Addendum

That is all the information provided for now.  If you see any mistakes or know of any information left out, feel free to PM me and let me know.

 

Share |