PHP as a CGI with Suexec
When PHP runs as a CGI with Suexec, PHP files work under your user/group. PHP files no longer require loose permissions to function, now they will require strict permissions. Setting your directories or PHP files to 777 will cause them to produce a 500 Internal Server Error, this happens to protect your PHP files from being abused by outside sources.
Under PHPSuexec your directories and PHP files can have permissions no greater than 755 (read/write/execute by your username, read/execute by group/world). Since you own your files, your scripts can function in any directory your user has created and can’t be manipulated by any outside users, including “nobody”.
Now, when a PHP file creates or uploads a new file under your account, the new file will be owned by your username. You will no longer have to worry about the webserver taking over your files and even more important, you will no longer have to worry about a stranger reading or writing to your files either!
When PHP runs as an Apache module you are able to manipulate PHP using .htaccess – since .htaccess is an Apache feature. When PHP runs as a CGI, you can no longer do this because Apache no longer understand the PHP flags and values. Instead, when PHP runs as a CGI, you will need to create your own PHP initialization file, this file is called php.ini — php.ini works almost the same as .htaccess — it is simply a text file with directives that will be used instead of the servers default directives.
To give you a better understanding about how both work in regards to PHP, we have listed a .htaccess file and a php.ini file below.
php_value magic_quotes_gpc on
magic_quotes_gpc = on
There is one main difference to the use of .htaccess vs php.ini — a .htaccess file can be placed at the root directory and effect all subdirectories with just 1 file, php.ini does not work this way. A php.ini file needs to be placed in every directory and subdirectory that requires the altered directives. This is a downfall for using PHPSuexec, however we hope that in the future PHP can be written to handle the php.ini file in a more workable fashion.
Last but not least, there is a directive used in .htaccess that needs to be altered in order to work under PHPSuexec. The directive ForceType needs to be changed to SetHandler. For example:
PHP as an Apache Module .htaccess Style
PHP as a CGI with Suexec .htaccess Style