Custom non user accessible php.ini for some accounts suPHP

[EneTar]

Hello I'm really new to this and I try to set all the accounts to use the global php.ini but some accounts to use a custom php.ini on which they will not have any access to modify it.

My environment is

/etc/redhat-release:CentOS release 6.7 (Final)
/usr/local/cpanel/version:11.52.1.3
/var/cpanel/envtype:kvm
CPANEL=release
Server version: Apache/2.4.12 (Unix)
Server built:   Jul 19 2015 21:47:11
Cpanel::Easy::Apache v3.30.3 rev9999
PHP 5.4.43 (cli) (built: Jul 19 2015 21:57:01)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
mysql  Ver 14.14 Distrib 5.5.46, for Linux (x86_64) using readline 5.1

Reading the forums I've done this so far
1)Uncommented the file /opt/suphp/etc/suphp.conf

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/

2) Created the file /usr/local/apache/conf/userdata/suphp_configpath.conf

<IfModule mod_suphp.c>
<Location />
suPHP_ConfigPath [B]/usr/local/lib/[/B]
</Location>
</IfModule>

3) I created the /usr/local/apache/conf/userdata/std/2/restrictedaccount1/suphp_configpath.conf

<IfModule mod_suphp.c>
<Location />
suPHP_ConfigPath [B]/home/custom-account-phps/restrictedaccount1/[B]
</Location>
</IfModule>

4)and the /usr/local/apache/conf/userdata/ssl/2/restrictedaccount1/suphp_configpath.conf

<IfModule mod_suphp.c>
<Location />
suPHP_ConfigPath [B]/home/custom-account-phps/restrictedaccount1/[B]
</Location>
</IfModule>

5)Then

# /scripts/verify_vhost_includes
Testing /usr/local/apache/conf/userdata/suphp_configpath.conf...ok
Testing /usr/local/apache/conf/userdata/std/2/restrictedaccount1/suphp_configpath.conf...ok
Testing /usr/local/apache/conf/userdata/ssl/2/restrictedaccount1/suphp_configpath.conf...ok
# /scripts/ensure_vhost_includes --all-users
Built /usr/local/apache/conf/httpd.conf OK
# /scripts/ensure_vhost_includes --user=restrictedaccount1

and then I don't know what to do...I checked the phpinfo of the restrictedacount1 website through the browser and it still uses the global php.ini
Have I done anything wrong? I have to say that, even before I do step 1, placing a custom php.ini at the user's account did not change anything the account still used the global php.ini

Thank you

 

[EneTar]

Still haven't managed to do anything, any ideas would be much appreciated. Is there any other way than the method I followed to do this?

 

[EneTar]

Found this thread digging...
In PHP 5.4 what is the right way to have a custom php.ini per user and protect it from the user?

 

[cPanelMichael]

In PHP 5.4 what is the right way to have a custom php.ini per user and protect it from the user?

Could you elaborate if the existing methods explained on this thread are not working? Also, please review this thread:

Methods to Increase Security on suPHP - Restricting who can use php.ini files

Thank you.

 

[EneTar]

Yes I actually opened a new thread a few days ago here Custom non user accessible php.ini for some accounts suPHP There I have all the steps I followed to do what I want and the output I got.

I'm reading now the link you have given me, I notice the .my.ini suggestion, and trying to find if it can help

 

[cPanelMichael]

Note that I have removed your additional thread since there's no need to post about the same topic multiple times.

Thank you.

 

[EneTar]

Ok I understand that but you could at least copy my post from that thread here, now I can't explain to someone what's going on to help me because those methods don't work for me.. neither the old method nor the new one using the [PATH=/home/username] work for me. In addition I don't know why but I can't place any custom php.ini files for any user. They all listen to global one.

So in which thread should I ask now?

 

[cPanelMichael]

Hello

I've merged all of the posts back into your original thread. Please remember to only submit an issue to a single thread going forward to avoid this type of issue. Submitting multiple posts or bumping a thread is not permitted, and does not serve to get a quicker response.

Thank you.

 

[quizknows]

I believe your issue may be with:

;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.

If you uncommented those and then try to set suPHP_ConfigPath later, you have conflicting changes.

 

[EneTar]

Thank you for your answer but I tried both options, commented or not it doesn't work.

Currently I have installed PHP 5.5 and reverted the settings back to the original.

/etc/redhat-release:CentOS release 6.7 (Final)
/usr/local/cpanel/version:11.52.1.3
/var/cpanel/envtype:kvm
CPANEL=release
Server version: Apache/2.4.16 (Unix)
Server built:   Dec 22 2015 18:12:08
Cpanel::Easy::Apache v3.32.6 rev9999
PHP 5.5.30 (cli) (built: Dec 22 2015 18:18:37)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
    with the ionCube PHP Loader v4.7.5, Copyright (c) 2002-2014, by ionCube Ltd.
mysql  Ver 14.14 Distrib 5.5.46, for Linux (x86_64) using readline 5.1

I think that the problem is that it doesn't let me by default to add custom php.ini for any /home/username/ or /home/username/public_html First I think should fix this one and later try to move the php.ini outside of the account not accessible by the user.

I have also tried this:
[PATH=home/username/]
session.save_path="home/username/php_sessions";

at the bottom of the global php.ini but checking phpinfo from the browser it still loads the value from /usr/local/lib/php.ini

Something that I noticed from phpinfo is that next to "Server API" it shows "CGI/FastCGI" shouldn't it display something like suphp? In WHM under "Configure PHP and suEXEC" it is selected suPHP.

 

[quizknows]

It is normal for "Server API" on phpinfo to show CGI/FastCGI with SuPHP. SuPHP is basically CGI just with switched user.

Try ruling things out in a simple fashion. If you put a php.ini in /home/username/public_html and set

suPHP_ConfigPath /home/user/public_html

Does phpinfo show the proper loaded .ini file?

 

[EneTar]

Thank you for your answer. Yes setting suPHP_ConfigPath /home/user/public_html and running phpinfo it returns the correct php.ini however it turns that php.ini as the global one. Everything was preinstalled and now I'm wiping the basics and install everything again. I will have results in a while, I suppose it's going to work

 

[EneTar]

Created a fresh install and tried directly to use the [PATH=/home/username/] in the global php.ini and it works.

Haven't tried the old method and I'm not sure if I will. I have also uncommented the lines in /opt/suphp/etc/suphp.conf