suPHP & php.ini configuration

[Kurieuo]

I recently made the move to suPHP. I must say, despite my research saying how much security if offers, I am looking back just a little.

For example, I do not like how a local php.ini file can be used to overwrite settings I'd prefer not overwritable in the main php.ini file. It would also be good to lock certain settings in, like memory_limit. I already have one user using more memory than I'd like them to, although I've added restrictions in my resource monitor to try counter this. *sigh* .

I also do not like the fact if a local php.ini file is created, all settings within the main php.ini configuration are ignored, even though the local php.ini may not overwrite such settings. I do love that users are bound to their own names, but surely there is a way to configure suPHP or something to include the main php.ini settings in the local php.ini file by default without the user having to copy and paste all the settings in?

[JawadArshad]

I recently made the move to suPHP. I must say, despite my research saying how much security if offers, I am looking back just a little.

For example, I do not like how a local php.ini file can be used to overwrite settings I'd prefer not overwritable in the main php.ini file. It would also be good to lock certain settings in, like memory_limit. I already have one user using more memory than I'd like them to, although I've added restrictions in my resource monitor to try counter this. *sigh* .

I also do not like the fact if a local php.ini file is created, all settings within the main php.ini configuration are ignored, even though the local php.ini may not overwrite such settings. I do love that users are bound to their own names, but surely there is a way to configure suPHP or something to include the main php.ini settings in the local php.ini file by default without the user having to copy and paste all the settings in?

Yes, sometimes you do not want users to overwrite the parameters like memory_limit max_execution_time etc. A workaround would be to define a specific php.ini file with your preferred settings and add the following directive to the .htaccess file of the account where you want these settings.

suPHP_ConfigPath /path/to/folder

The php.ini file placed in 'folder' will be used. If you do not want users to change these settings, simply chattr the .htaccess file and make it immutable. Not the best solution as it may prevent users from applying redirects.

[britsenigma]

"For example, I do not like how a local php.ini file can be used to overwrite settings"

You can lock this when you build apache. Do a Find for ".ini" under Exhaustive options and you'll find the tickbox, can't the exact name.