When running a cPanel update, you may get the following error:

/scripts/upcp
/scripts/upcp syntax OK
Running Futex Check/Fix……Done
Undefined subroutine &Cpanel::Update::automatic_updates_enabled called at /scripts/upcp line 273.

To fix this, run the following command:

wget -O /root/updatenow.static http://httpupdate.cpanel.net/cpanelsync/RELEASE/scripts/updatenow.static && perl /root/updatenow.static --manual

Then you can proceed running a cPanel update:

/scripts/upcp --force

There’s been a long-standing issue from a hosting provider’s point of where cPanel runs on abnormal ports, causing users behind firewalls to be unable to access cPanel. At first, there was cpanelproxy.net which offered (at that time) an automated script that users could install on their hosting accounts to route cPanel traffic over port 80. Around the time that cPanel 11 came out, the script no longer worked, and users behind corporate or school firewalls were out of luck.

cPanel 11 introduced its own proxy to allow users to get around firewall restrictions.

To enable this feature without inconveniencing users, check these three options in WHM > Tweak Settings:

Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk and whm subdomains to the correct port (requires mod_rewrite and mod_proxy)

Automatically create cpanel, webmail, webdisk and whm proxy subdomain DNS entries for new accounts. When this is initially enabled it will add appropriate proxy subdomain DNS entries to all existing accounts. (Use /scripts/proxydomains to reconfigure the DNS entries manually)

Allow users to create cpanel, webmail, webdisk and whm subdomains that override automatically generated proxy subdomains

*Keep in mind that if you’re establishing these settings on an existing server, it’s going to update the zones for each domain on the server and synchronize them out to the DNS cluster. This got us in trouble once, as we had a number of suspended accounts on a server that ended up having their DNS reverted back when the proxy subdomains were updated.

To enable proxydomains for the whole server:

/scripts/proxydomains add

To enable for all domains on one user’s account:

/scripts/proxydomains –user=<user> add

To enable for a single domain:

/scripts/proxydomains –domain=<domain> add

To remove proxy domains, use the same commands as above, only use “remove” instead of “add”. From here, you can access the proxy at http://cpanel.domain.com (or webmail/whm, respectively), or access cPanel normally and let it detect whether you are behind a firewall.

I wrote this script a while back to fix the permissions of alias files in /etc/valiases when users were having trouble creating forwarders. You can also download the script in plaintext here.

#!/bin/bash
 # Script to fix permissions of valiases
 # Written by: Vanessa Vasile 5/17/10
 # http://thecpaneladmin.com
 
 for domain in `cat /etc/userdomains |awk '{print $1}' | grep -v "*" | cut -d: -f1`
 do

if ! [ -f /etc/valiases/$domain ]; then
 touch /etc/valiases/$domain
 fi
 
 user=$(egrep "^$domain:" /etc/userdomains |awk '{print $2}');
 chown $user:mail /etc/valiases/$domain
 chown $user:mail /etc/vdomainaliases/$domain
 chmod 644 /etc/valiases/$domain
 chmod 644 /etc/vdomainaliases/$domain
 done

Update: cPanel now has a script to allow you to do this:

/scripts/fixvaliases

500 Internal Server Errors are one of the most common PHP issues that I see customer experience, and it will occur mostly on servers with suPHP or PHP running as CGI.  These errors can be caused by something on the server, or an issue on the user’s site. Here ‘s what you should do if you see errors:

Check the logs

You can solve most problems quickly just by looking at the logs:

/usr/local/apache/logs/error_log

/usr/local/apache/logs/suphp.log

Here are some common errors:

SoftException in Application.cpp:357: UID of script "/home/user/public_html/test.php" is smaller than min_uid

SoftException in Application.cpp:422: Mismatch between target UID (511) and UID (510) of file "/home/user/public_html/test.php"

SoftException in Application.cpp:264: File "/home/user/public_html/test.php" is writeable by others

These are all permission/ownership issues, indicating that the owner of the PHP file being called in incorrect, or the permissions are higher than what is allowed in suphp.conf.

Invalid directions in .htaccess

If you’re running PHP in CGI or suPHP mode, you can’t use php_flag or php_value directives in .htaccess – you either need to use htscanner to allow Apache to parse those commands, or make php-related changes in php.ini within the user’s account. You can check the Apache error log in /usr/local/apache/logs/error_log to see if you get something like this:

/home/user/public_html/.htaccess: Invalid command 'php_flag', perhaps misspelled or defined by a module not included in the server configuration

If the error log indicates a problem with .htaccess, you need to remove the directives indicated and make sure your ssyntax is correct, and that they are in the correct places.

Incorrect ownership or permissions

PHP scripts and their immediate parent folder will usually have permissions limits when PHP runs in CGI/suPHP mode. By default, PHP files and their parent folders can not have group or ‘other’ writable permissions, and cannot be owned by a user on the system other than than the user that owns the home folder it is located in. Additionally, cPanel’s implementation of suPHP does not allow PHP to execute via browser from locations that are not inside a user’s home folder. The first thing you should check is that the PHP script and its parent folder(s) are not writable by ‘group’ or ‘other’, or owned by a different system user. You can usually see if this is an issue by tailing the suphp log in /usr/local/apache/logs/suphp.log, or whatever the suphp.conf has set as the log location.

You can adjust suPHP’s permissions allowances in /opt/suphp/etc/suphp.conf to allow ‘group’ and ‘other’ writable permissions if it’s necessary by modifying these values:

allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false

If the problem is with the min_uid value being too low (such as if you’re running a PHP script as root), you can also modify the “min_uid” and “min_gid” values to be more permissive. Changing anything in the suphp.conf requires a restart of Apache.

SuPHP binary missing its “sticky” permissions

Take a look at the suphp binary. It should look a bit like this, and in most shells, will be highlighted in red:

-rwsr-xr-x 1 root root 341K Mar 30 12:25 /opt/suphp/sbin/suphp*

If it’s missing the ‘s’ in the permissions column, you need to re-add the sticky bit to allow users on the system to execute it properly:

chmod +s /opt/suphp/sbin/suphp

Last resort

If all else fails, you could be running a bum Apache build.  Try running EasyApache to reinstall to see if that fixes the problem.  You can also submit a support request to us and we may be able to fix this for you:

This is a simple bash script I wrote to fix the permissions and ownership of files within a cpanel account. To use, simply copy the script your server, chmod 755, and pass the usernames as arguments:

./fixperms user1 user2 user3

You can also run a server-wide loop like this:

for i in `ls -A /var/cpanel/users` ; do ./fixperms $i ; done

Below is the script, but I recommend downloading it from here to ensure that the formatting is correct.

#!/bin/bash
# Script to fix permissions of accounts
# Written by: Vanessa Vasile 5/13/10
# http://thecpaneladmin.com

if [ "$#" -lt "1" ];then
echo "Must specify user"
exit;
fi

USER=$@

for user in $USER
do

HOMEDIR=$(egrep ^${user} /etc/passwd | cut -d: -f6)

if [ ! -f /var/cpanel/users/$user ]; then
echo "$user user file missing, likely an invalid user"

elif [ "$HOMEDIR" == "" ];then
echo "Couldn't determine home directory for $user"

else

echo "Setting ownership for user $user"

chown -R $user:$user $HOMEDIR
chmod 711 $HOMEDIR
chown $user:nobody $HOMEDIR/public_html $HOMEDIR/.htpasswds
chown $user:mail $HOMEDIR/etc $HOMEDIR/etc/*/shadow $HOMEDIR/etc/*/passwd

echo "Setting permissions for user $USER"

find $HOMEDIR -type f -exec chmod 644 {} \; -print
find $HOMEDIR -type d -exec chmod 755 {} \; -print
find $HOMEDIR -type d -name cgi-bin -exec chmod 755 {} \; -print
find $HOMEDIR -type f \( -name "*.pl" -o -name "*.perl" \) -exec chmod 755 {} \; -print
fi
done

When adding an email forwarder you may see an error like this:

Fatal! Write Failure: /etc/valiases/thecpaneladmin.com. Ignore any messages of success this can only result in failure!

To fix this, run (replace user with username and domain with the domain name)

chown user:mail /etc/valiases/domain.com

chmod 644 /etc/valiases/domain.com

I recently saw an issue on one of our servers where we were trying to enable Zend Optimizer and IonCube Loaders, but they just won’t show up on a phpinfo page despite showing up via command line:

-bash-3.2# php -v
PHP 4.4.9 (cli) (built: May  4 2010 13:55:07)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
with the ionCube PHP Loader v3.3.14, Copyright (c) 2002-2010, by ionCube Ltd., and
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies

After toggling around with this and finally getting cPanel installed, one of their techs (Kyle P.) figured out that the problem is with PHP being built with the versioning extension, which can apparently cause dynamic modules not to load when PHP is invoked as a DSO (and likely as CGI, but couldn’t reproduce it). The CPanel documentation also recommends against it:

“Versioning – The PHP versioning option was intended to allow the same sort of functionality that the concurrent DSO patches allow. It does not work well and is not recommended by cPanel or the PHP developers.”

Quite honestly, I never used versioning on a server and I knew it wasn’t something that was recommended, but at least now we know why!

One of the servers here at work was giving a 500 Internal Server error whenever a PHP page was loaded. Among the various things that can cause this error when you’re running PHP in CGI mode (suPHP), this error showing up in the Apache log was most unusual. Turns out it’s due to the suphp binary missing its sticky/suid permissions.

SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?

To fix, simply chmod +s the suphp binary:

chmod +s /opt/suphp/bin/suphp

In your Exim logs you may see errors like this:

Warning: ACL "warn" statement skipped: condition test deferred: ratelimit database not available

temporarily rejected connection in ?connect? ACL: ratelimit database not available

This likely means the Exim cache databases are corrupted. You can clear them by running:

rm -fv /var/spool/exim/db/*

Then restart Exim.

The files in question are:

• /var/spool/exim/db/ratelimit
• /var/spool/exim/db/ratelimit.lockfile
• /var/spool/exim/db/retry
• /var/spool/exim/db/retry.lockfile
• /var/spool/exim/db/wait-dk_remote_smtp
• /var/spool/exim/db/wait-dk_remote_smtp.lockfile
• /var/spool/exim/db/wait-remote_smtp
• /var/spool/exim/db/wait-remote_smtp.lockfile

In cPanel 11.25, you may be seeing errors like this in /var/log/exim_paniclog:

2010-04-15 12:33:27 failed to expand condition "${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if eq {${if exists {$home/mail/$domain/$local_part/maildirsize}{1}{0}}}{0}{${if > {${run {/usr/local/cpanel/bin/eximwrap GETDISKUSED $local_part $domain}}}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{true}{false}}}{${perl{checkuserquota}{$domain}{$local_part}{$message_size}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}}}{$home/mail/$domain/$local_part/maildirsize}}}}}{false}}}{false}}" for virtual_user_maildir_overquota router: absolute value of integer "10485760000" is too large (overflow)

To fix this, run :

/scripts/reset_mail_quotas_to_sane_values –force –confirm –verbose