Need to create a template without SuExec enabled

Trying to build PHP4 in CentOS 5 following the instructions on, where it says, that build of PHP4 is not able to run if SuExec is enabled and that if not disabled one will see is just white screen instead of webpage.

Taking into consideration that warning trying to create a new template without suExec, but on saving apache configuration page Virtualmin gives:

Failed to save server template : PHP scripts cannot be run as the domain owner unless suexec is enabled

How can I overcome this contradiction? I need to have a template without SuExec for some of my websites. The others all are running in PHP5.

Yeah, getting PHP4 working is both difficult and, well, not really recommended… there’s no security updates being produced for it, so all kinds of problems could come from that.

That said, PHP4 can definitely be run from suexec. Certain setups may not work, but PHP4 as a whole can certainly run from suexec.

Virtualmin Pro supports running both PHP4 and PHP5 side-by-side, and does so running them via suexec.

I think the catch would be that whatever program suexec calls has to be located within /home. If you look in ~/cgi-bin/, you’ll see php5.cgi, which Virtualmin uses as a PHP5 wrapper. You may be able to reuse that to get PHP4 working for you.


It is a pity though, that we can’t turn SuExec for some of the virtual servers. Well, I will give a try to run PHP4 in SuExec. Meanwhile, do I have to additionally configure Vurtialmin for using PHP4? For example, my PHP4 configuration file is in /opt/php4/etc/php.ini, do I have to somehow inform Virtualmin about this path for it to pick it up and use when creating virtual servers?

I did not quite get how can I “reuse that to get PHP4 working” for me. I tried to remove that wrapper, it did not allow me to.

Eric probably meant “take the cgi script for php5 that comes with VMin, edit it to your needs and then use it for php4”. :slight_smile:

To disable suexec, you can go into Server Configuration -> Website Options, and uncheck “Run CGI scripts as domain owner”. That affects all scripts being called within that domain, and is considered a security risk, but that’s how you’d disable it :slight_smile:

Locutus is indeed correct though, I just meant making a copy of the php5.cgi script, call it something like “php4.cgi”, make whatever changes you want to it, then use that to call PHP4 for you.