So you’re merrily marching along, happy as a clam because you just set up a glorious new web site that uses, say, a PHP-based content management system like Joomla or WordPress running on a Unix or Linux server.
Everything is going well until suddenly, you start to get feedback from users that they can’t access certain pages or actions on your site. Worse yet, some people seem to be completely blocked from your site entirely.
The problem your users are seeing is a 500 Error, aka “Internal Server Error”. Most of the time, for most people, your site works great… But this is becoming a serious issue for some users.
What to do?
The first thing you have no doubt done is to log in to your server and check out the Apache error logs. Where these logs are depends on your hosting company and the flavor of the OS you are using.
In Apache’s error log, you may see messages like this:
[Fri Feb 21 12:49:17 2009] [error] [client 111.222.333.444] Premature end ofscript headers: index.php, referer: http://www.crazy-bobs-fried-chicken.com
You hop on your favorite search engine and start trying to find somebody who has solved this problem. What you will most likely discover is that a lot of people have made a lot of recommendations, but few of them actually work. Worse yet, a few sites claim that this is one of the most difficult errors to fix because it’s so general.
Now, your site uses PHP, and that means that it is driven by a series of files that need to be run by your web server in order to produce pages for your users to see. On a Linux or Unix server, each file has its own permissions in the form:
The “d” at the beginning is only set for directories. The three groups of “rwx” mean “read, write, execute”. There are three groups because the first group is for you (the user), the second group is for the unix/linux user group you belong to on the server (i.e. “www-data” or “pg123456”), and the third group is for “all” (i.e. the rest of the world, including those trying to view pages on your site). Permissions are changed using the “chmod” command, which you can see how to use by typing “man chmod”. Just kidding, I hate man pages. They should be called “monkey pages”. Better option: search for “chmod usage” on Google!
Fabulous. So, as I was saying, your PHP files should be executable and readable by everyone in order for them to work nicely. In many cases, you might just set your permissions to “rwxrwxrwx”, which means anyone and their grandmother can read, write, or execute that file. This is generally not advisable, however, for security reasons. This is where it gets interesting. For more on this little problem, let’s check out the <TeRanEX/> weblog v2 (good name, eh? Version numbers rule!):
Tricks for servers running phpsuexec
When a php script requires write access to a file or directory (like Nucleus does for the ‘media’-directory if you want to be able to upload pictures etc), you have to chmod that directory (or file) to 777 (or 666 for files) on most servers. This gives world write access to this folder (file). This is because on most servers apache (and php) runs as user ‘nobody’. Although giving world write access will make it possible to use the script, it also means a security hole, which can be used by hackers and other riff-raff.
To avoid this security hole some ISP’s install phpsuexec on their servers (like mine did a few days ago). Using phpsuexec, php runs under your own username on the server. This removes the necessity to make files and folders world writable. Instead you can just use 755 for folders (the default) and 644 for files (also the default).
It turns out that there is actually another reason why you should make all your PHP 755: because phpsuexec will throw a 500 Internal Server Error if it detects any other permissions. Oh sure, your server will work, and most people may be able to view pages without incident. But, depending on how your hosting company has configured your server, it is entirely possible that unless your files are set to 755, you will get random 500 errors that defy all logic and reason. And when you contact your hosting company’s tech support, they’ll tell you they don’t know what the heck the problem is because everything should be okay! Yes! Great! But it’s NOT okay!
So, here’s what you do: SSH in to your server (like, open up a terminal window and log in). Navigate your way to your application’s root directory. Do an
ls -la to list all files with tons of details, including file permissions. If your PHP files are set to anything other than 755 (aka “rwxr-xr-x”), type the following command:
chmod 755 *.php
Wasn’t that easy? Not so fast! That only changed the permissions on the PHP files in the current directory. However, like most applications, there will be subdirectories with other PHP files belonging to your app whose permissions will also need be changed. You might think that you can just type in:
chmod -R 755 *.php and you will be good to go since the “-R” will recursively change permissions for all PHP files in any subdirectores, but that won’t work because the file string “*.php” obviously excludes any subdirectories. So, do it the hard way and navigate to each subdir and change permissions there for all PHP files to 755 as well.
When you are done, your Internal Server Errors will go the way of the dinosaur. You can verify this by opening two terminal windows, and in the second one, do a
tail -f on your Apache error.log file so that you can see the error messages stop when you change the file permissions (Ctrl-C aborts a
tail command). It’s great fun, really.
Since you are now victorious, you can send another message to your hosting company’s support team and inform them that you are smarter than they are. Seriously though, it’s not a bad idea. Just think of all the poor people out there crying on their keyboards because:
a) People don’t share their solutions for server troubles
b) No one ever reads this here blog
b) is especially sad. On the plus side, since like 3 people have ever looked at this blog and I’m 3 of them, I can safely say that your mother wears combat boots. And that’s another thing that most people will never know.