It normally can be disabled for security reasons. There are some security concerns you can find online for discussions about it such as this one from 2008:
PHP proc_open() safe_mode bypass - security vulnerabilities database
I'd suggest disabling it for all the accounts and then allowing only one account to run it. As you are using suPHP, you could try doing it this way following my guide. Pick the method corresponding to your PHP version (5.3+ or 5.2 or earlier):
For those using DSO, the following method could be done:
1. Install suHosin
First, check if suHosin is already installed:
If you see something like the following, then it's already there:
If it isn't installed, run this command:
# php -v
PHP 5.2.9 (cli) (built: Dec 25 2009 12:43:49)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH
After it's been added to /usr/local/lib/php.ini, then add the following line to /usr/local/lib/php.ini:
/scripts/phpextensionmgr install PHPSuHosin
Please comment out disable_functions if you were using that previously. Anything you had in disable_functions would go into the suhosin.executor.func.blacklist now.
suhosin.executor.func.blacklist = "proc_open"
After making that change to disable proc_open globally, then create the following for the account you will be allowing to have proc_open available:
For the above, std represents http. If you need this for https, you'd do ssl for the path. 2 represents Apache 2 and 2.2, if you are using Apache 1, then you'd use 1 for the path. username is the cPanel username for the account.
mkdir -p /usr/local/apache/conf/userdata/std/2/username
echo 'php_admin_flag suhosin.executor.func.blacklist "proc_open"' > /usr/local/apache/conf/userdata/std/2/username/suhosin.conf
Now, run the following command to verify the include:
If each checks out OK, you'd then run this command to check this include into the system:
Now, rebuild Apache and restart it (rebuilding isn't entirely necessary in this instance, but I normally just do it as a precaution to ensure everything is working fine):
Then that one account should work under DSO PHP handler for proc_open while all others will not be able to use it.
I cannot state for FCGI and CGI how to accomplish this. Under PHP 5.3, it might be possible to use the method I mention in my suPHP guide that I linked to earlier.