Announcement

Collapse
No announcement yet.

php selector php.ini

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • php selector php.ini

    Is there somewhere saved a php.ini when someone use a different php version ?

    I know if I need something I can add it in the
    /etc/cl.selector/php.conf file.
    But how I can possibly add something like disable_functions
    and a list of the functions Id like to disable like system/exec/shell/shell_exec/passthrough and so on ?

  • #2
    Christos, all default values and directives are set in /opt/alt/phpXX/etc/php.ini file, where XX is php version. The files are not overwritten with the updates and is the right place to add customized values. You should set disable_functions in it and that will do the trick. And this should be done for all XX versions.

    As long as disable_functions are absent in /etc/cl.selector/php.conf it could not be modified by customers.

    Comment


    • #3
      I don want to force disabled_function, I want to add it as an option.
      So I can select it in specific users. A few apps needs stuff like exec or system (bad but...).
      Can do it globally.

      Comment


      • #4
        Not sure if I got you right, but do you want to
        - do not force using disable_functions
        - enable disable_functions for few users but protect it from modifying by users ?

        Comment


        • #5
          Yeap! An option to disable (or enable) functions per user account.

          For example I got a mathematician forum which needs latex. It uses it with exec().
          I cant globally disable all. And certainly I dont want to mess with servers configuration
          and have different configurations per server and be something like
          "hey it worked there, now that I transfer it in another server it stuck"
          (Of course I want to disable at least the 4 evil functions like shell/shell_exec/system and passthrough for various reasons like evil backdoors c99 style but..)

          So I need an option to somehow control disable_functions.
          Either if I got it globally disabled to enable it only for specific accounts
          or the opposite.

          From the other hand thinking again, having everyone in cagefs I dont know the usefulness of this,even if something gets backdoored, what it can do (it can use it for spam ok, but anything else?)

          Maybe I am just crazy enough :-)

          Comment


          • #6
            Even though account uses an alt PHP version and functions are disabled, and even though editing disable functions is not possible in PHP SELECTOR, user creates PHP.ini with
            disable_functions = NULL

            And no functions are disabled. This poses great security risk, what can I do about this?

            Comment


            • #7
              Hello Luca,
              to answer your question more precisely, we need to know your environment configuration, panel, PHP handler, etc, so it would be better if you submit a ticket to https://cloudlinux.zendesk.com/hc/en-us/requests/new

              Thank you!

              Comment


              • #8
                I prefer not to submit a ticket.
                My PHP Handler is suPHP.
                For alt-php versions.
                And running cPanel, CloudLinux was installed on latest CENTOS 7 64bit

                Comment


                • #9
                  Hi,

                  Same question. I have CloudLinux, DirectAdmin, lsphp (alt-php 5.6, 7.0, 7.3, 7.4).. cant make it work in cagefs or global php .. but i noticed this is related to secure_php settings in directadmin..

                  Please advise.

                  Comment


                  • #10
                    LSWS Enterprise too.

                    Comment


                    • #11
                      > Hi,
                      >
                      > Same question. I have CloudLinux, DirectAdmin, lsphp (alt-php 5.6, 7.0, 7.3, 7.4).. cant make it work in cagefs or global php .. but i noticed this is related to secure_php settings in directadmin..
                      >
                      > Please advise.

                      Hello,
                      Thank you for reaching out! Can you open a support ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new ? And technical experts will help you asap. You can post the ticket number here and well link this thread to it.
                      Thank you.

                      Comment

                      Working...
                      X