ANKUR KUMAR

Active Member
Oct 28, 2012
26
0
1
India
cPanel Access Level
Root Administrator
Previously I had a CentOS server without CloudLinux.

There used to be many types of attacks, especially MySQL injection and symlink attacks!

What I previously used to do is uncomment 3 lines in the root file:

Like this:

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/




This helped us by not allowing my customer or an attacker to create a custom php.ini and access the whole server.

Now I am using CloudLinux with CageFS and secure links enabled.

Should I now allow my customers to create their custom php.ini file?

Will they be able to access any other user's account hosted on the same server in /home,

or see the list of accounts on the same server,
or access root? If an attacker or the user itself enables all functions, will he be able to gain any kind of root access to the server?

My users ping me that they want their own php.ini file!

Please help, how do I handle this!

Also, if 2-3 users need a custom php.ini, can I enable this specifically for them?
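
As an added example that is not part of the original post: a small Python audit that reads a suPHP configuration and reports which handlers in the [phprc_paths] section are active (php.ini forced to a fixed directory) and which are still commented out. The sample configuration is constructed, and the function names and the [handlers] line are assumptions made for illustration.

```python
import re

# Constructed sample mirroring the [phprc_paths] block quoted in the post;
# the php4 line is left commented out here to show the unpinned case.
SAMPLE_CONF = """\
[handlers]
application/x-httpd-php="php:/usr/bin/php"

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/
"""

# Matches "handler=path", optionally disabled with a leading ';'.
ENTRY = re.compile(
    r"^(?P<off>;\s*)?(?P<handler>application/[\w.+-]+)\s*=\s*(?P<path>\S+)\s*$")

def audit_phprc_paths(conf_text):
    """Return {handler: (pinned, path)} for entries found in [phprc_paths].

    pinned is True when the line is active, False when it is commented out
    (the handler is then not forced to a fixed php.ini by this section).
    """
    result, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "phprc_paths":
            continue
        m = ENTRY.match(line)
        if m:
            handler, active = m.group("handler"), m.group("off") is None
            # An active line wins over a commented duplicate of the same handler.
            if active or handler not in result:
                result[handler] = (active, m.group("path").strip('"'))
    return result

def unpinned_handlers(conf_text):
    """Handlers listed in [phprc_paths] whose line is still commented out."""
    audit = audit_phprc_paths(conf_text)
    return sorted(h for h, (pinned, _) in audit.items() if not pinned)

if __name__ == "__main__":
    for handler, (pinned, path) in audit_phprc_paths(SAMPLE_CONF).items():
        print(f"{'PINNED  ' if pinned else 'UNPINNED'} {handler} -> {path}")
```
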
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463

ANKUR KUMAR

Yes, I am using PHP Selector for CloudLinux.

Which one should I go for in the above link?
mod_ruid + jailshell or CageFS

I already have CageFS with securelinks enabled.

Should I add the other solution, mod_ruid + jailshell, or is CageFS sufficient? I think it's enough! Is it?
 

cPanelMichael

Yes, CageFS is listed as an alternative to "mod_ruid + jailshell". Both are not required.

Thank you.