You will need to remove php_value and php_flag from ALL .htaccess files you may have
in httpd.conf
<Directory "/var/www/html/sample.com/html"> Options FollowSymLinks AllowOverride All </Directory>
In .htaccess under public_html, add the following:
suPHP_ConfigPath /var/www/html/sample.com/html ##disallow anyone to access this file <files php.ini> order allow,deny deny from all </Files> <files “.ht*”> deny from all </files>
In php.ini
register_globals = On post_max_size 6M upload_max_filesize 6M max_execution_time 90 max_input_time 90 .... #NOTE: this custom php.ini uses default php.ini setting like memory_limt = 8M. Check phpinfo()
new Custom php.ini setting:
max_execution_time = 160 max_input_time = 160 memory_limit = 50M post_max_size = 50M upload_max_filesize = 50M upload_tmp_dir = "/tmp/phpupload" display_errors = Off allow_url_fopen = Off disable_functions = "dl, exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_ get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid , posix_setuid, escapeshellcmd, escapeshellarg" expose_php = Off
#chown user:group .htaccess #chown user:group php.ini
To disable the .htaccess, you have to move the .htaccess and php.ini out of the way.
====================================================
When SuPHP is enabled, it is no longer possible to to
include php_value directives in .htaccess files.
Instead of adding these directives to your .htaccess file, add them into
a file called php.ini and place this file in the same directory that
your script runs in. Most often this will be public_html directory, but
in some cases you will install your script in a subdirectory. Wherever
your script runs, this is the place for your php.ini file. You will need
to drop the "php_flag" and "php_value" prefix. You will also need to
put an equals (=) sign between the setting and the value.
For example, if your script recommends these settings in a .htaccess file:
php_value upload_max_filesize 10M
php_value post_max_size 10
php_value max_execution_time 60
Put these directives in a php.ini file instead. Here is the proper syntax:
upload_max_filesize = 10M
post_max_size = 10M
To correct the permission on the files and directory:
#!/bin/bash
for user in `ls /var/cpanel/users`; do
chown -R ${user}:${user} /home/${user}/public_html
chmod 755 /home/${user}/public_html
find /home/${user}/public_html -group nobody -exec chgrp ${user} {} \; -print0
find /home/${user}/public_html -perm 777 -type d -exec chmod 755 {} \; -print0
find /home/${user}/public_html -perm 666 -type f -exec chmod 644 {} \; -print0
find /home/${user}/public_html -perm 777 -type f -exec chmod 644 {} \; -print0
done
To remove ‘php_value’ from the .htaccess file:find /home/*/public_html/. -type f -exec sed -i "s/php_value/###php_value/" {} \;
REFERENCES
http://www.hostingcustomers.com/showthread.php?tid=416
http://support.lunarpages.com/knowledge_bases/article/319
http://forums.cpanel.net/f5/switching-suphp-remove-php_value-correct-permission-98649.html
http://www.xxoom.com/linux/htaccess-suphp-php_value-_flag-php-ini
