500 Error and PHP

From Lunarpages Web Hosting Wiki

I get a 500 error on my PHP scripts when I use the temporary URL. There is nothing wrong with my script. Why is this happening?

Unfortunately, the temporary URL will not work with PHP servers like the one you are on. This is a security measure put in place by PHP to prevent others on the server from accessing your files.

Other PHP 500 Error Page Fixes

Your permissions are wrong

The permissions on some of the folders or files are 777 or 666. If this is the case, change them to either 755 or 644 in cPanel's File Manager (or using your local FTP client).

The files and/or folders are not owned by you.

Certain applications having been run under PHP as an Apache module may have files owned by the Apache user of nobody. An indication that you don't own the files would be if you are unable to change their file permissions. To correct this, please contact support.

Your .htaccess file has php_values or php_flags in it.

This causes a 500 Internal server error when attempting to execute the script.

The php_values and php_flags will need to be removed from your .htaccess file (please make a backup of the .htaccess by copying its contents and saving it on your desktop as htaccess.txt). Take the contents removed from .htaccess and place it into a file you create called php.ini. Remember to remove the php_flag and php_value part before the directives as php.ini files do not require those in front of the values. You can always make the changes and ask us if the changed files are correct.

Because php.ini values are not shared across directories, you would need a separate php.ini file in each folder that has .htaccess or that requires the php_values or php_flags. In order to avoid doing this, you can place a line in the .htaccess file in your public_html folder to have all values in your public_html php.ini to be shared across all folder. This line would be the following:

suPHP_ConfigPath /home/username/public_html

Lunarpages uses a special version of PHP called suPHP. suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.

Finally, to explain in depth why suPHP requires these changes to the file permissions, please note that suPHP runs scripts with the permissions of their owners. Regular PHP executes scripts under the permissions of the system user running the web server, which means that your script runs with different permissions than your own user account and makes it very hard to use a PHP script to modify and create files without giving everyone on the server access to your files (this means that on regular PHP you provide write or execute access to group and world even for some files).

Since suPHP makes your PHP scripts run with the same permissions as your regular user account, you do not need group or world write access or execute access for files and PHP will even prevent files from running that are group or world writable or executable as a security precaution.

666 equals the following:


Mode  User Group World
Read    4    4     4 (all checked)
Write   2    2     2 (all checked)
Execute              (none checked)

This makes group and world able to write to the file, a security risk.

777 equals the following:


Mode  User Group World
Read    4    4     4 (all checked)
Write   2    2     2 (all checked)
Execute 1    1     1 (all checked)

This makes group and world able to write and execute the file, a very large security risk.

Basically, suPHP is more secure, and preventing scripts from running as 666 or 777 prevents group or world from maliciously writing to the files and hacking your scripts.