Troubleshoot suPHP Permission Issues

Posted on November 11th, 2016

suPHP requires folders and files to have a specific set of ownership and permissions for the proper functioning and handling of PHP scripts. While working with suPHP you will see a lot of errors like, “500 Internal Server Error”, “403 Forbidden error”, broken images, no JavaScript behaviors appear to work, and simple errors that will highlight the word “permission” in them. Tracking and fixing these errors are time consuming process and patience is required. These errors are common when switching from current PHP handler to suPHP handler. suPHP handler is a CGI based handler that usually runs PHP requests using suEXEC apache feature. suPHP is generally used by hosting companies as it offers additional security for the entire server. The server normally has a large number of domains and user accounts in it. Enabling suPHP will handle PHP requests using corresponding user account’s privileges. Sometimes poor configuration in suphp.conf leads to permission issues.


Sample SuPHP Configuration

1) Path to logfile


2) User Apache is running as


3) Path all scripts have to be in


4) Path to chroot() to before executing script


5) Security options





6) Check wheter script is within DOCUMENT_ROOT


7) Send minor error messages to browser


8) PATH environment variable


7) Umask to set, specify in octal notation


8) Minimum UID


9) Minimum GID


10) Handler for php-scripts


11) Handler for CGI-scripts




suPHP will prevent any PHP files with world-writable permissions from being run. Most files and folders can have permissions set up to 644 and 755 respectively. All the files and folders must be owned by the particular user. We can set the permission of folder and files using following commands.

1) Change permissions for all folders to 755

find /home/*/public_html -type d -exec chmod 755 {} \;

2) Change permissions for all files to 644

find /home/*/public_html -type f -exec chmod 644 {} \;

3) Change permission for only php scripts to 600

find /home/*/public_html -type f -name *.php -exec chmod 600 {} \;

4) Remove any php_value and php_flag entries in .htaccess files

find /home -type f -name ‘.htaccess’ -exec grep -Hrn ‘php_value’ ‘{}’ \;

find /home -type f -name ‘.htaccess’ -exec grep -Hrn ‘php_flag’ ‘{}’ \;



Using this script the ownership of files and folders can be set to user:user which satisfy suPHP security conditions. This script is only compatible with cPanel servers and it is highly recommended to take complete backup of the server before running this script. The script runs in a quiet mode with minimal info by default. If you need to observe and know what is happening when the script is run, just turn on the verbosity and the script will display everything. To turn on the verbosity -v option can be used. To use fixperms login as root user and wget the file from the following link.


Fixperms script can be run for a specific account or for all accounts, with or without verbosity.


Fixperms for single user

sh ./ -a user_name

sh ./ -v -a user_name

Fixperms for all users

sh ./ -all

sh ./ -v -all



Once suPHP is enabled, the following requirements should be checked and matched.

1) All files including php scripts have permissions of 644 and below

2) All folders have permissions of 755 and below

3) All php_flag and php_value entries in .htaccess file must be removed

4) The owner:group of all files and folders must be particular user

5) Complete server backup must be made before running fixperms script.


If you need any further assistance please contact our support department.



Leave a Reply