PHP SuEXEC mode
suEXEC is an Apache execution method for CGI and SSI programs that makes executing PHP scripts more secure by running each PHP process as the owner of a particular account instead of as the user running the web server. This means that even if one user on a server is compromised, PHP scripts run from their accounts will not have access to other users' files. suEXEC has long been a basic feature in shared hosting environments.
LiteSpeed Web Server is capable of using this execution method directly when configured to read Apache configuration files. When running LiteSpeed Web Server (native),a similar implementation, called ExtApp Set UID Mode, is available at the Virtual Host level. suEXEC like behavior can also be achieved at the External Application level using the Run as User and Run as Group settings.
PHP SuEXEC enabled on control panel by default
If you run shared hosting services with a control panel, it is necessary to use SuEXEC mode for security reasons. Our LSWS installation script will enable PHP SuEXEC by default for all control panels hence LSWS will run PHP SuEXEC out of the box. In SuEXEC mode, each PHP process will run as the owner of the virtual host's document root.
To manually enable SuEXEC on LSWS for cPanel, Plesk, or another control panel, Configuration > Server > General > Using Apache Configuration File > PHP suEXEC should be set to Yes
. However, Enabling PHP suEXEC for the control panels is default setup during the installation and you have no need to manually change it here. Once it is set, generally you should not make change anymore to avoid permission problem, since PHP SuEXEC will generally run as user:user
while non-PHP SuEXEC will run as nobody:nobody
.
Enable PHP SuEXEC for LiteSpeed Web Server (Native) or OpenLiteSpeed
To enable SuEXEC for LSWS native or on OpenLiteSpeed, you will need to create external apps (name should be unique and different than server level external apps and other virtual host external apps, for example, lsphp_$vhost; also set it to run as username:usergroup to implement PHP SuEXEC) and script handler pointing to the newly created external app under each virtual host.
PHP Process Modes: ProcessGroup/Daemon/Worker
LiteSpeed Web Server offers a number of different PHP process modes for the various needs and goals of shared hosting providers: ProcessGroup mode, Daemon mode, and Worker mode.
Which PHP setup am I using?
LiteSpeed Web Server comes with a number of PHP process modes. Less experienced users may be confused as to which PHP setup they are using. Follow the steps in this wiki to determine which PHP setup you're using.
suEXEC or non-suEXEC?
- Is the PHP suEXEC setting set to
Yes
orUser's Home Directory Only
? If so, then you are using suEXEC. If not, then you are not using suEXEC.
Which process mode am I using?
- Is the Run on Start Up setting set to
Yes (Daemon mode)
? If so, then you are running Daemon mode. If not, then you are running Worker mode. - Do you have an
LSPHP_ProcessGroup on
directive in your Apache configuration files? If so, then users with that configuration are using ProcessGroup mode. (This can be set at the server or virtual host level.) - Is Instances set to
1
? If so, you are running ProcessGroup mode. If not, you are running Worker mode. These setups are explained further in PHP Process Modes.)
Config PHP and suEXEC in Cpanel
Please refer to Cpanel documentation:
https://documentation.cpanel.net/display/ALD/MultiPHP+Manager+for+WHM