ANKUR KUMAR

Active Member
Oct 28, 2012
26
0
1
India
cPanel Access Level
Root Administrator
Previously i had a CentOS server without cloud linux

There used to be many types of attacks specially mysql injection , symlink attack !

What previously i used to do is uncomment 3 lines in root file :

Like this :

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/




This helped us by not allowing my customer or an attacker to create custom php.ini and access whole server .

Now i am using cloud linux with cagefs and secure links enabled .

Should i now allow my customers to create their custom php.ini file ?

Will they be able to access any other users account hosted on the same server in /home ,

or see the list of accounts on the same server
or access root if an attacker or the user itself enable all functions , will he be able to gain any kindly of root access to the server ?

my user ping me that they want their own php.ini file !

Please help how do i handle this !

Also if 2-3 users need custom php.ini , can i enable this specifically for them ?
 

ANKUR KUMAR

Active Member
Oct 28, 2012
26
0
1
India
cPanel Access Level
Root Administrator
Yes i am using php Selector for cloud linux .

Which one i should go for in the above link ?
mod_ruid + jailshell or cagefs

I already have Cage FS with securelinks enabled

should i add up other solution mod_ruid + jailshell or cagefs is sufficient .. I think its enough ! Is it ?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Yes, CageFS is listed as an alternative to "mod_ruid + jailshell". Both are not required.

Thank you.