I am having problems with a script I wrote.

PHP suexec is running on all of our shared servers. If you are running code that is insecure or uses simple php authentication it may not work as a result of PHP suexec. PHP suexec provides additional security and is becoming a standard. Provided below are basic PHP suexec rules to follow:

1. User executing the wrapper must be a valid user on this system.
2. The command that the request wishes to execute must not contain a /.
3. The command being executed must reside under the user's web document root..
4. The current working directory must be a directory.
5. The current working directory must not be writable by group or other.
6. The command being executed cannot be a symbolic link.
7. The command being executed cannot be writable by group or other.
8. The command being executed cannot be a setuid or setgid program.
9. The target UID and GID must be a valid user and group on this system.
10. The target UID and GID to execute as, must match the UID and GID of the directory.
11. The target execution UID and GID must not be the privledged ID 0.
12. Group access list is set to NOGROUP and the command is executed.

In the case fo php authentication use coding the follows the above parameters or try using an .htaccess and .htpasswd instead.

Share this page:


Was this article useful? Have any suggestions or improvements to the information?

Also Read

Increase PHP Memory

Fatal error: Allowed memory size of xxxxxxxxx bytes exhausted (tried to allocate 1064256 bytes)....

How to Disable XCache for a Domain

On many of our servers xcache is use as part of the php caching mechanism. If you are...

Test MySQL Connection

The following is a great way to verify a MySQL / MariaDB database connection issue. Create a file...

When trying to connect to MariaDB or MySQL you receive error 2003 Cannot connect to MySQL on x.x.x.x on port 3306 (10060)

Please ensure you have added the remote IP to the allow list in your hosting control panel...

Internal Server Error with PHPList

PHPList produces internal server error. Checking error logs results in: Invalid command...