Which ones among you run all your shared hosting accounts - or at least those by request - using suEXEC for the entire domain?

I'm not interested in running suEXEC or cgiwrap in one directory in my web space, but for my entire web site.

What do you charge for this service? Part of your standard plan? Extra?

See the thread below for more information on the problem being addressed:

http://webhostingtalk.com/showthread.php?s=&threadid=11056

-t

Why are you posting this in "Web Hosting Advertising / Offers Forum" ? :confused:

Thomas

Originally posted by VIPsNet
Why are you posting this in "Web Hosting Advertising / Offers Forum" ? :confused:

Thomas

I thought this was the only place where hosts could respond with the program that they offer in this space...:confused:

Okay.

maybe it'll turn into advertisement/offer post when hosts reply :D

sorry for confusion.

Thomas

Originally posted by thewitt
Which ones among you run all your shared hosting accounts - or at least those by request - using suEXEC for the entire domain?
-t

http://www.myONLYhost.com/packages.php offer vserver which using suexec mode for all accounts.

note: I'm not their sales or staff, and have NO relationship with them at all.

Hi,

I provide such hosting.
I have a ded server with Catalog.com and it has plesk installed with suEXEC for the entire domain.

If you want, i can set you up a demo account to try out and experiment so that you be sure that it is what you want.

Demo account does not cost a penny ;)

Regards
Abhishek

Question: Why would a web host ever *not* provide suexec everywhere?

This really is a serious question -- I can't see any benefit to not using suexec everywhere, and I can see significant disadvantages (eg, security). Similarly, I can't see why a web host would not have directories automatically permitted to stop users from looking at each others files. (I hope nobody minds my taking this slightly off topic... mods please feel free to kill this post if you want)

It appears to me that more shared hosts are insecure than are secure. :rolleyes:

There are one or two disadvantages to using SuExec. All php, perl and other scripts have to be executed in CGI mode, meaning you can't use mod_php and mod_perl since these run in-process and don't support username switching, hence creating an extra burden on server resources.

So what's the trick to making this stuff secure? If I can see outside my document root for my virtual server just by including a file in someone else's directory, does that really mean that shared servers are inherently insecure and should never hold things like usernames and passwords in config files?

These files don't have to be inside the web space to be vulnerable. They only have to be readable by the web server, and consequently by anyone on the same shared hosting server.

-t

The first answer lies in using Suexec and installing optimized executables of php and perl (disabling mod_php and mod_perl). Such setup was used for many years on very very busy websites, mod_perl and mod_php are relatively new.

The other answer lies in providing each user (or those that use other content than static files) with their own apache daemon running under their own username with mod_php, mod_perl etc compiled into the kernel. Obviously max sites per server is significantly reduced.

The other other answer lies in running IIS on Windows NT, in IIS it is very easy to setup multiple websites under multiple usernames, without any significant performance decrease since ASP still runs inprocess.

The other other other answer lies in low end dedicated servers, <$99.

Thewitt: good luck in your search, you can instantly rule out any cpanel hosts.