Choosing a PHP Handler

PHP is an important part of your cPanel server. One aspect of PHP’s configuration that can be overlooked is the PHP handler. The PHP handler is the specific implementation of PHP on your server that interfaces with Apache. On a cPanel server, there are four main PHP Handlers:

  • DSO
  • CGI
  • SuPHP
  • FCGI

Each has a distinct way of processing PHP code, and has its own benefits and drawbacks. In simplest terms, the decision of which PHP handler to choose comes down to your site’s specific needs.

DSO

DSO (Dynamic Shared Object) runs as an Apache module and, because it has so little overhead, it is extremely fast. However, DSO works only with Apache in non-threaded mode.

Opting for the pure speed of DSO means forgoing the performance benefits of Apache’s other Multi-Processing Modules, such as better process management and the ability to handle more connections using fewer server resources. You will need to evaluate your site’s specific needs before deciding whether to make that compromise.

By default, PHP scripts with DSO run as the Apache user “nobody”, which can have implications for security. In that configuration, scripts are not confined to a particular domain, and a malicious script could potentially gain access to files outside the site’s home directory. DSO’s standard permissions also can create some extra work when using a Content Management System (CMS). Both the security and compatibility concerns can be addressed by compiling Apache with the mod_ruid2 module, which allows scripts to run as the Linux user who owns the domain, but DSO still would require Apache to run with the single-threaded Prefork MPM.

CGI

CGI (Common Gateway Interface) is highly configurable and can run PHP scripts as the Apache user or as the Linux user which owns the domain via SuExec (which is enabled by default in WHM). However, as the slowest of the PHP handlers, it no longer is widely used. FCGI is the preferred alternative.

SuPHP

SuPHP (Single User PHP) was designed with stronger security in mind. SuPHP only executes PHP scripts as the owner of the domain, effectively isolating each user from the others.

That makes it easy to pinpoint users with resource-intensive or compromised scripts, but it also means that SuPHP is slower than either DSO or FCGI. And since a new process is created for each incoming request, a high-traffic server also could experience elevated load during a surge as processes are spawned in rapid succession. SuPHP works with any Apache MPM, though, and both the Worker and Event MPMs can help to improve resource utilization.

Because scripts run as the user, it is a common choice for sites running a CMS and doesn’t require the same changes to permissions as DSO. However, switching from DSO running as the Apache user to SuPHP would involve modifying the permissions of scripts.

FCGI

FCGI (FastCGI) was written with speed in mind, and it is fast. With SuExec enabled, FCGI runs PHP scripts as the user, offering the same benefits for CMS sites as SuPHP, but with the bonus of added speed. It also provides enhanced security compared with DSO.

It can, however, be difficult to configure, but with some optimization it is an ideal PHP handler of choice for most servers.

At Liquid Web, we have spent several months testing and optimizing FCGI on cPanel servers to achieve maximum performance and stability while minimizing its use of resources. As a result, our Fully Managed CentOS 6 and CentOS 7 templates now include FCGI with optimized, custom settings by default.

Switching Handlers

Switching from one PHP handler to another can be a detailed process, especially when changing the ownership of PHP scripts is involved. PHP is fully managed by Liquid Web’s Heroic Support® Team, so if you are considering switching handlers or would like to take advantage of our FCGI optimizations, feel free to contact us using the information below. Our Heroic Support® Team will be happy to guide you through that transition.

===

Liquid Web’s Heroic Support is always available to assist customers with this or any other issue. If you need our assistance please contact us:
Toll Free 1 (800) 580-4985
International (517) 322-0434
support@liquidweb.com
https://manage.liquidweb.com/

How To: Give a Linux User Root-level Access Using sudo

Linux has a robust permissions system. This is a very good thing, as it enables a clear separation of roles among users, especially between the root user and your average user. Sometimes, though, you might want your average user to have some or all of root’s privileges. In Linux, this is accomplished with sudo.

Continue reading “How To: Give a Linux User Root-level Access Using sudo”

File Upload Problems

Using Softaculous, a new CMS(Content Management System) such as WordPress, Joomla, or Mambo has been installed on your website.  It does not matter which CMS is installed, they all need to be able to write files on the server. However, they could show “permission denied” errors during the first-time setup or the first time an upload is attempted via their built-in web interface.  This can happen when using DSO or CGI as the PHP handler. With either handler, php scripts by default run as the Apache user “nobody”, and the webserver software (usually Apache) needs to have write access to a user’s files to avoid this error.

Continue reading “File Upload Problems”