Block php.ini on accounts

[AlexisMeroni]

Hello !
On global php.ini i have change for security reasons :

 magic_quotes = On
safe_mode = On
expose_php = Off
Enable_dl = Off
register_globals = off
display_errors = off
disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd, ini_set, popen, proc_open, allow_url_fopen

But if a account create a php.ini file on /public_html with

safe_mode = On

there functions are reactivated.
I do not know what to do to secure my cPanel maximum.
Thank you in advance for your help

 

[AlexisMeroni]

Can you help me ? :s Please

 

[quietFinn]

Do you use suPHP in your server?

 

[AlexisMeroni]

I don't Know x)

- - - Updated - - -

I've attached a screen.

 

[quietFinn]

Seems you use suPHP.

You must edit file /opt/suphp/etc/suphp.conf
and find these lines:

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
;application/x-httpd-php=/usr/local/lib/  
;application/x-httpd-php4=/usr/local/php4/lib/  
;application/x-httpd-php5=/usr/local/lib/

and change them to be like this:

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
application/x-httpd-php=/usr/local/lib/  
application/x-httpd-php4=/usr/local/php4/lib/  
application/x-httpd-php5=/usr/local/lib/

 

[AlexisMeroni]

Thats OK .
I restart apache?
Do you Know others security fails ?

 

[quietFinn]

Thats OK .
I restart apache?

Not needed.

 

[AlexisMeroni]

Ok
and do you Know others security fails ?

 

[quietFinn]

The subject of this thread is "Block php.ini on accounts", and seems that you got your answer.
If you have other questions you must post another thread.

 

[cPanelMichael]

Hello

The following thread may interest you:

Methods to increase suPHP Security

Thank you.

 

[AlexisMeroni]

Thanks You all !