> Hi,
>
> Same question. I have CloudLinux, DirectAdmin, lsphp (alt-php 5.6, 7.0, 7.3, 7.4).. cant make it work in cagefs or global php .. but i noticed this is related to secure_php settings in directadmin..
>
> Please advise.

Hello,
Thank you for reaching out! Can you open a support ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new ? And technical experts will help you asap. You can post the ticket number here and well link this thread to it.
Thank you.

LSWS Enterprise too.

Hi,

Same question. I have CloudLinux, DirectAdmin, lsphp (alt-php 5.6, 7.0, 7.3, 7.4).. cant make it work in cagefs or global php .. but i noticed this is related to secure_php settings in directadmin..

Please advise.

I prefer not to submit a ticket.
My PHP Handler is suPHP.
For alt-php versions.
And running cPanel, CloudLinux was installed on latest CENTOS 7 64bit

Hello Luca,
to answer your question more precisely, we need to know your environment configuration, panel, PHP handler, etc, so it would be better if you submit a ticket to https://cloudlinux.zendesk.com/hc/en-us/requests/new

Thank you!

Even though account uses an alt PHP version and functions are disabled, and even though editing disable functions is not possible in PHP SELECTOR, user creates PHP.ini with
disable_functions = NULL

And no functions are disabled. This poses great security risk, what can I do about this?

Yeap! An option to disable (or enable) functions per user account.

For example I got a mathematician forum which needs latex. It uses it with exec().
I cant globally disable all. And certainly I dont want to mess with servers configuration
and have different configurations per server and be something like
"hey it worked there, now that I transfer it in another server it stuck"
(Of course I want to disable at least the 4 evil functions like shell/shell_exec/system and passthrough for various reasons like evil backdoors c99 style but..)

So I need an option to somehow control disable_functions.
Either if I got it globally disabled to enable it only for specific accounts
or the opposite.

From the other hand thinking again, having everyone in cagefs I dont know the usefulness of this,even if something gets backdoored, what it can do (it can use it for spam ok, but anything else?)

Maybe I am just crazy enough :-)

Not sure if I got you right, but do you want to
- do not force using disable_functions
- enable disable_functions for few users but protect it from modifying by users ?

I don want to force disabled_function, I want to add it as an option.
So I can select it in specific users. A few apps needs stuff like exec or system (bad but...).
Can do it globally.

Christos, all default values and directives are set in /opt/alt/phpXX/etc/php.ini file, where XX is php version. The files are not overwritten with the updates and is the right place to add customized values. You should set disable_functions in it and that will do the trick. And this should be done for all XX versions.

As long as disable_functions are absent in /etc/cl.selector/php.conf it could not be modified by customers.