The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Custom non user accessible php.ini for some accounts suPHP

Discussion in 'Security' started by EneTar, Dec 19, 2015.

  1. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Hello I'm really new to this and I try to set all the accounts to use the global php.ini but some accounts to use a custom php.ini on which they will not have any access to modify it.

    My environment is
    Code:
    /etc/redhat-release:CentOS release 6.7 (Final)
    /usr/local/cpanel/version:11.52.1.3
    /var/cpanel/envtype:kvm
    CPANEL=release
    Server version: Apache/2.4.12 (Unix)
    Server built:   Jul 19 2015 21:47:11
    Cpanel::Easy::Apache v3.30.3 rev9999
    PHP 5.4.43 (cli) (built: Jul 19 2015 21:57:01)
    Copyright (c) 1997-2014 The PHP Group
    Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
    mysql  Ver 14.14 Distrib 5.5.46, for Linux (x86_64) using readline 5.1
    Reading the forums I've done this so far
    1)Uncommented the file /opt/suphp/etc/suphp.conf
    Code:
    [phprc_paths]
    ;Uncommenting these will force all requests to that handler to use the php.ini
    ;in the specified directory regardless of suPHP_ConfigPath settings.
    application/x-httpd-php=/usr/local/lib/
    application/x-httpd-php4=/usr/local/php4/lib/
    application/x-httpd-php5=/usr/local/lib/
    
    2) Created the file /usr/local/apache/conf/userdata/suphp_configpath.conf
    Code:
    <IfModule mod_suphp.c>
    <Location />
    suPHP_ConfigPath [B]/usr/local/lib/[/B]
    </Location>
    </IfModule>
    

    3) I created the /usr/local/apache/conf/userdata/std/2/restrictedaccount1/suphp_configpath.conf
    Code:
    <IfModule mod_suphp.c>
    <Location />
    suPHP_ConfigPath [B]/home/custom-account-phps/restrictedaccount1/[B]
    </Location>
    </IfModule>
    4)and the /usr/local/apache/conf/userdata/ssl/2/restrictedaccount1/suphp_configpath.conf
    Code:
    <IfModule mod_suphp.c>
    <Location />
    suPHP_ConfigPath [B]/home/custom-account-phps/restrictedaccount1/[B]
    </Location>
    </IfModule>
    5)Then
    Code:
    # /scripts/verify_vhost_includes
    Testing /usr/local/apache/conf/userdata/suphp_configpath.conf...ok
    Testing /usr/local/apache/conf/userdata/std/2/restrictedaccount1/suphp_configpath.conf...ok
    Testing /usr/local/apache/conf/userdata/ssl/2/restrictedaccount1/suphp_configpath.conf...ok
    # /scripts/ensure_vhost_includes --all-users
    Built /usr/local/apache/conf/httpd.conf OK
    # /scripts/ensure_vhost_includes --user=restrictedaccount1
    and then I don't know what to do...I checked the phpinfo of the restrictedacount1 website through the browser and it still uses the global php.ini
    Have I done anything wrong? I have to say that, even before I do step 1, placing a custom php.ini at the user's account did not change anything the account still used the global php.ini

    Thank you
     
  2. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Still haven't managed to do anything, any ideas would be much appreciated. Is there any other way than the method I followed to do this?
     
  3. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Found this thread digging...
    In PHP 5.4 what is the right way to have a custom php.ini per user and protect it from the user?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,734
    Likes Received:
    661
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Yes I actually opened a new thread a few days ago here Custom non user accessible php.ini for some accounts suPHP There I have all the steps I followed to do what I want and the output I got.

    I'm reading now the link you have given me, I notice the .my.ini suggestion, and trying to find if it can help
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,734
    Likes Received:
    661
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  7. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Ok I understand that but you could at least copy my post from that thread here, now I can't explain to someone what's going on to help me because those methods don't work for me.. neither the old method nor the new one using the [PATH=/home/username] work for me. In addition I don't know why but I can't place any custom php.ini files for any user. They all listen to global one.

    So in which thread should I ask now?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,734
    Likes Received:
    661
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I've merged all of the posts back into your original thread. Please remember to only submit an issue to a single thread going forward to avoid this type of issue. Submitting multiple posts or bumping a thread is not permitted, and does not serve to get a quicker response.

    Thank you.
     
  9. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I believe your issue may be with:

    ;Uncommenting these will force all requests to that handler to use the php.ini
    ;in the specified directory regardless of suPHP_ConfigPath settings.

    If you uncommented those and then try to set suPHP_ConfigPath later, you have conflicting changes.
     
  10. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Thank you for your answer but I tried both options, commented or not it doesn't work.

    Currently I have installed PHP 5.5 and reverted the settings back to the original.

    Code:
    /etc/redhat-release:CentOS release 6.7 (Final)
    /usr/local/cpanel/version:11.52.1.3
    /var/cpanel/envtype:kvm
    CPANEL=release
    Server version: Apache/2.4.16 (Unix)
    Server built:   Dec 22 2015 18:12:08
    Cpanel::Easy::Apache v3.32.6 rev9999
    PHP 5.5.30 (cli) (built: Dec 22 2015 18:18:37)
    Copyright (c) 1997-2015 The PHP Group
    Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
        with the ionCube PHP Loader v4.7.5, Copyright (c) 2002-2014, by ionCube Ltd.
    mysql  Ver 14.14 Distrib 5.5.46, for Linux (x86_64) using readline 5.1
    
    I think that the problem is that it doesn't let me by default to add custom php.ini for any /home/username/ or /home/username/public_html First I think should fix this one and later try to move the php.ini outside of the account not accessible by the user.

    I have also tried this:
    [PATH=home/username/]
    session.save_path="home/username/php_sessions";

    at the bottom of the global php.ini but checking phpinfo from the browser it still loads the value from /usr/local/lib/php.ini

    Something that I noticed from phpinfo is that next to "Server API" it shows "CGI/FastCGI" shouldn't it display something like suphp? In WHM under "Configure PHP and suEXEC" it is selected suPHP.
     
  11. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    It is normal for "Server API" on phpinfo to show CGI/FastCGI with SuPHP. SuPHP is basically CGI just with switched user.

    Try ruling things out in a simple fashion. If you put a php.ini in /home/username/public_html and set

    suPHP_ConfigPath /home/user/public_html

    Does phpinfo show the proper loaded .ini file?
     
  12. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Thank you for your answer. Yes setting suPHP_ConfigPath /home/user/public_html and running phpinfo it returns the correct php.ini however it turns that php.ini as the global one. Everything was preinstalled and now I'm wiping the basics and install everything again. I will have results in a while, I suppose it's going to work
     
  13. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Created a fresh install and tried directly to use the [PATH=/home/username/] in the global php.ini and it works.

    Haven't tried the old method and I'm not sure if I will. I have also uncommented the lines in /opt/suphp/etc/suphp.conf
     
Loading...

Share This Page