DSO vs. CGI vs. suPHP vs. FastCGI

DSO vs. CGI vs. suPHP vs. FastCGI

This is one of the most common topics that customers will ask about. As highly important as PHP handlers are, they often the least understood. Its not too hard to understand; you don’t have to know that exact science of how it all works, but it should be learned by all who want to take their website seriously. Picking the right PHP handler for your website will give you the optimal speeds you want and maybe allow you to save some money by using a cheaper hosting package. So I invite you to take a few minutes and learn something new.

What are PHP handlers
In order to run a PHP site, the server must interpret the PHP code and generate a page when visitors access the website. It interprets the code based on which PHP library you are using, such as PHP 4 or PHP 5. A PHP handler is what actually loads the libraries so that they can be used for interpretation. PHP handlers determine how PHP is loaded on the server.

There are multiple different handlers that can be used for loading PHP: CGI, DSO, suPHP, & FastCGI. Each handler delivers the libraries through different files and implementations. Each file and implementation affects Apache’s performance, because it determines how Apache serves PHP.

It is essential for your server’s performance that you select the handler that fits your situation. Selecting the right handler is just as important as the PHP version itself. One handler is not necessarily always better than another; it depends on your unique setup.

Note: You may assign different PHP handlers to different versions of PHP. For example, version 5 may be handled by CGI while PHP 4 is handled by DSO.
How to change the handler
Changing the handler on cPanel is very easy to do and takes only seconds. Log into WHM and navigate to: Main >> Service Configuration >> Configure PHP and SuExec

You simply select your PHP handler choice from the drop-down menu. Then hit “Save New Configuration”.

Note: If you do not see your desired choice in the drop-down menu, it may need to be compiled on the server first. Run an “Easy Apache” to compile it.
List of PHP handlers
Also known as mod_php. This is an older configuration but is generally considered the fastest handler. It runs PHP as an Apache module. This means that PHP scripts will run as the Apache user, which is the user: ‘nobody’.

DSO has two drawbacks. First, all files created by a PHP script will have the ownership of ‘nobody’. They will not be readable from the web. Websites that need to upload files through PHP will run into file permission issues. This is common with WordPress users that upload files through the WordPress interface or utilize the auto-update feature. These will fail with DSO.

The second drawback is a security issue. Created files will have the ‘nobody’ ownership. If a hacker finds an exploit in your PHP script, they could implement a file that has the same privileges as important system files that are also owned by ‘nobody’. This will give them the ability to modify these other system files. The preventative fix for this is to always keep your software up to date. Check with your PHP script’s developer to keep up on the new releases.

Generally, these problems do not severely affect most users. DSO’s low CPU usage typically amounts in higher speeds and load times over most other handlers. It is also the default setting on most servers.

CGI handler will run PHP as a CGI module as opposed to an Apache module. CGI still runs PHP processes as the Apache ‘nobody’ user. The CGI method is intended as a fallback handler for when DSO is not available. According to cPanel’s own documentation, this method is neither fast nor secure, regardless of whether or not suEXEC is enabled.

suPHP also runs PHP as a CGI module instead of an Apache module. It differs from CGI in that PHP scripts that are called from the web will run under the user that owns them, as opposed to ‘nobody’. suPHP is typically the default handler and is recommended by cPanel for serving PHP because you will be able to see which user owns the account that is running the PHP script.

suPHP is beneficial in that if you are using a file upload tool on your site (such as an automatic updater or theme/plug-in installer for WordPress), the files will already have the right ownership & permissions. Uploading and other WordPress functions will not work without suPHP or FastCGI.

suPHP also offers a security advantage that any php script that is not owned by the particular user (such as another account or root) will not be executable. Also, files that have permissions set to world writeable will likewise be non-executable. This means that if one account is compromised, the malicious scripts will not be able to infect other accounts.

The drawback is that suPHP generally runs a much higher CPU load. In addition, you CANNOT use an Opcode Cache (such as Xcache or APC) with suPHP. It is strongly recommend that you install a caching plug-into supplement. If you find that your server is still continually struggling with CPU usage, you will want to consider switching to DSO or FastCGI.

FastCGI (aka: mod_fcgid) is a high performance alternative to CGI. It has the security/ownership benefits of suPHP in that PHP scripts will run as the actual cPanel user as opposed to ‘nobody’. The difference with FastCGI is that it can drastically save on CPU performance and give speeds close to that of DSO. It can also be used with an opcode cacher like eAccelerator or APC, which can help further speed the loading of pages.

The drawback is FastCGI has a high memory usage. This is because rather than creating the PHP process each time it is called, like suPHP, it keeps a persistent session open in the background. This is what lets it work with an opcode caching software.

If you like the security/ownership benefits of suPHP and you can afford a major increase in memory usage (meaning you already have a low average memory usage), you may wish to consider using FastCGI.

Click here is read the source of this Howto with compare chart:


blog comments powered by Disqus

*** How to adjust PHP and SuExec in WHM / cPanel

Go to "WHM >> Service Configuration >> Apache Configuration >> Configure PHP and Suexec" and see if SuPHP is available in the drop down options. If it is there, select it, do a dry run and save configuration. SuExec is also available there in a drop down menu with on and off option.
If not, you need to run EasyApache from "WHM >> Software >> EasyApache (Apache Update)" and select SuPHP in the available options.

Check the documentation links below.



Originally Posted by cwalke32477 
I am brand new at running my own dedicated server.
I got my start from reseller accounts and recently purchased a dedicated server.
Now I have alot of new options, and alot of new headaches.

One thing I see alot of, in my logs, is the nobody user.
I keep seeing people mention using suPHP and suExec.

However, I have not been able to find where to turn on suPHP, I can only locate suExec, in the whm.

I imagine suPHP is done with the command line somewhere, but I cannot find any instructions on setting this up.

Can anyone out there please assist me with this?

Chris Walker
Last edited by JawadArshad; 03-03-2010 at 06:27 AM.

blog comments powered by Disqus