Security: PHP as Apache Module

My current host has recently switched their PHP from a straight Apache module to a CGI, using phpsuexec. They tell me that this is because there is no way to give security from one user to the next on a shared server because the PHP scripts all run as the "nobody" user, and that jailing the user's scripts using suexec stops this from happening. My own rudimentary research confirms this, not that I ever expected them to lie to me. Security: PHP as Apache Module

The problem is this - some of my .htaccess directives no longer work due to the current compile of PHP. I specifically need the ability to set PHP vars per-directory, particularly arg_separator.input, arg_separator.output, and register_globals, and none of the solutions they have given me work. I believe I have no way to use ForceType, as it's not working under my current setup either (and I was hoping to use it in a near-future project).

So what I'm looking for is one of two things:
1. Is there a way that a Linux server running Apache with cPanel can be secured so that PHP can run as an Apache module without suexec?
2. If not, is there a definitive way that I can fully access .htaccess directives under suexec?

I apologize if this post doesn't give enough information to go on. I'm kind of a front-end guy, and I don't know much about server administration. I just am hoping for an objective response so that I don't simply have to accept a "we can't do that" answer from the host. Thanks a lot.

 

 

 

 

Top