php.ini per dir with php running as cgi

[vesko]

Hello,

Because of security concerns I'm running php as CGI+suexec instead as a module. How in this configuration I can have a php.ini per dir (or at least php.ini per virtual host)? I tried to replace the /usr/local/scripts/cgi-bin/php5 with a wrapper (intending to use the PHPRC variable) but immediately run into suexec security restrictions. Before continuing the struggle with the wrapper & suexec I decided to ask here:
Is there a way using WHM to set this, or any other "canonical" way to do it?
Any hints are welcome.

[sabarishks]

1. Moving php5 binary:

mv /usr/local/cpanel/cgi-sys/php5 /usr/local/cpanel/cgi-sys/php5.bin

2. Then creating wrapper file in the /usr/local/cpanel/cgi-sys/php5 with the following content:

#!/bin/bash

# This will fake the name & path and hide the /usr/local/cpanel/cgi-sys/php5 path!
export SCRIPT_NAME=$REQUEST_URI
export SCRIPT_FILENAME=$PATH_TRANSLATED
export PWD=$DOCUMENT_ROOT

if [ -f "$DOCUMENT_ROOT/php.ini" ]; then
exec /usr/local/cpanel/cgi-sys/php5.bin -c $DOCUMENT_ROOT
else
exec /usr/local/cpanel/cgi-sys/php5.bin
fi

3. Save the file and change the permissons:

chown root:wheel /usr/local/cpanel/cgi-sys/php5*;
chmod 755 /usr/local/cpanel/cgi-sys/php5*;

[kenashkov]

Hi,
I managet to get it working per virtual host with this wrapper (I also came up to the idea that it has to be chowned to root/wheel ):

Code:

#!/bin/sh
user=`whoami`
export PHPRC=/home/$user/public_html
exec /usr/local/cpanel/cgi-sys/php5bin

I reworked your wrapper to look like this:

Code:

#!/bin/bash

# This will fake the name & path and hide the /usr/local/cpanel/cgi-sys/php5 path!
export PWD=$DOCUMENT_ROOT

export PHPRC=`dirname $PATH_TRANSLATED`/php.ini

exec /usr/local/cpanel/cgi-sys/php5bin

The PWD has to be exported to hide the path.
I prefer to use the PHPRC, because it will just look in the specified directory for php.ini, because with the '-c' you have to first check does the files exists (as you do in your example).

[cPanelKenneth]

Use mod_suphp. It will give you what you want, without having to jump through hoops with fragile wrappers.