Prologue
This stupid issue took me alot of time to solve so im creating this topic for myself and also other readers.
You have WHM/cPanel server and you have some client who require some PHP function to be enabled. Example functions: show_source, system, passthru, exec, shell_exec, popen, proc_open, allow_url_fopen
These functions are recommended to be disabled because it can hurt server security. If you believe in your client, then you can enable it for his account only.
So how to do this. It may not work for all PHP handlers (CGI, FastCGI, SuPHP, PDO).
I used SuPHP handler and this worked for my WHM/Cpanel server:
1. backup global server php.ini file, in my case: /usr/local/lib/php.ini
2. Open above mentioned php.ini
3. paste following code to the end of the file:
4. Then lookup for disable_functions directive instance in same file. Simply, first disable_functions directive should list php functions disabled for all accounts, globally. And by adding above mentioned code to the end of /usr/local/lib/php.ini file, you set special set of disabled functions just for mentioned PATH (user account).[PATH=/home/AccountNameWhereWantToAllowSomeFunction/public_html]
disable_functions = "show_source, system, passthru, shell_exec, popen, proc_open, allow_url_fopen"
5. Once file is saved, chnages should be instant.
One can veriffy that functions are enabled/disabled by using this php file.
that is all. veriffy all websites working after your change, you may try also restarting httpd/apache.
If above did NOT worked, one can do following:
Edit suPHP configuration file:
find this:vi /opt/suphp/etc/suphp.conf
and uncomment (remove ";" mark infront of them) those 3 directives and then restart Apache. As the text indicates, this will force all suPHP requests to use /usr/local/lib/php.ini for configuration options.[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
;application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php4=/usr/local/php4/lib/
;application/x-httpd-php5=/usr/local/lib/
=============
Warning: Please read and use following text only if you have time to spend/play/waste. Its not veriffied tutorial.
How to enable PHP function on one cPanel only?
First install Suhosin:
WHM / Software / EasyApache (Apache Update) / Start customizing based on profile / Next Step / Next Step / tick "Suhosin for PHP" and click "Save and Build" if u are sure you want to proceed. And then finish the build
You can veriffy that suhosin was installed by linux command: php -v
if not found, what about apache restart?
Then remove all disable_functions in PHP to to disable them later by Suhosin instead:
WHM / Service Configuration / PHP Configuration Editor/ select "Advanced".
Find: "disable_functions" and then cut & paste all these functions (example: show_source, system, passthru, exec, shell_exec, popen, proc_open, allow_url_fopen) to the safe place.
Save
Then disable functions you removed in previous steps by Suhosin:
Edit file "/usr/local/lib/php.ini" and add this line to it:
(or any other functions that you want to Globally disable)Code:suhosin.executor.func.blacklist = "show_source, system, passthru, exec, shell_exec, popen, proc_open, allow_url_fopen"
Then create/edit VirtualHost file for the domain of your customer (the customer who need the forbidden function allowed/enabled):
I'm going to use yourdomain.com for this example.
We're working from the /usr/local/apache/conf/userdata folder to start with. I'm assuming you don't want to set this up for SSL - if that's true then we'll navigate down into std, leaving us here:
/usr/local/apache/conf/userdata/std
Since you're running Apache 2.2.27 (command: httpd -v) you'll use the "2" folder, so we'll go here:
/usr/local/apache/conf/userdata/std/2
at this point you'd create a folder with the username for your domain. We'll say that cpanel username is "yourdom" and we'll navigate to that folder:
/usr/local/apache/conf/userdata/std/2/yourdom
Since domains can have multiple domains underneath them we'll need to specify that we're working with yourdomain.com, so we'll create that folder and navigate into it:
/usr/local/apache/conf/userdata/std/2/yourdom/yourdomain.com
At this point we need to create our .conf file named for example disabledfunctions.conf, so I created that (vi disabledfunctions.conf).
No add following code to that .conf file (in case you want to enable exec php function)
Save file and at this point you should be able to restart the Apache service and it should work as you expect. (veriffy user domain that loads properly)<VirtualHost 127.0.0.1>
<IfModule mod_php5.c>
php_admin_value suhosin.executor.func.blacklist = "exec"
</IfModule>
</VirtualHost>
To veriffy your function is disabled for that cpanel user, create file in that user account (example: /home/username/www/exectest.php) with content:
Run the file from users domain name and see what it return.<?php
if (function_exists('exec')) {
echo "Function is available/enabled for user";
} else {
echo "Function is unavailable/disabled for user";
}
?>
Reply With Quote
Bookmarks