Table of Contents

How-to Enable SuPHP in cPanel

SuPHP is strongly recommended by NDC Host due to the inherent security of the module. SuPHP takes PHP scripts that normally run under the user the webserver runs them (nobody) and instead runs them as the effective owner of the PHP file itself, which in most cases is the cPanel user. The advantage here is not only for security reasons, but also that permissions can be tightened on files/directories that PHP needs write/execute access to. For instance, consider a typical Joomla setup: the cache directory, among others, needs to be writable by the webserver user which by default in cPanel is “nobody”. To achieve this there are two ways:

What SuPHP allows is for the directory to remain owned by user:usergroup and tight 0750 permissions (or even 0700). Furthermore, files created through PHP (uploaded files as well) will be owned by the effective user instead of nobody as they otherwise would be. This allows users to manage/delete/rename these files themselves as a normal cPanel-level user as opposed to requiring root access, or needing a server admin to change the ownership for them.

Sound good? If so, let's get started!

Building SuPHP Support

Apache and PHP will now rebuild automatically for you, and you will not have any service downtime while this transpires. This build typically takes anywhere from 20-30 minutes to complete.

Enabling SuPHP as the Default Handler

This setting is not retroactive for any files/directories with incorrect nobody ownerships, so you'll need to log into the server as root and fix those manually. Also while you're in there you can tighten down directory permissions as described above!

Converting to suPHP Tips and Tricks

Fixing Permissions on files and folders

When converting to suPHP one of the common problems admins see is customer websites showing “internal server errors”. Many times this is caused by incorrect permissions being set on the files and directories. The below code will help correct these permission problems by setting PHP files to 0600, directories to 0711, and files/directories to the proper user.group.

cd /var/cpanel/users/
/scripts/chownpublichtmls
for i in *;do find /home/$i/public_html -iname "*.php" -exec chmod -v 600 {} \;; find /home/$i/public_html/ -type d -exec chmod -v 711 {} \;;done