enable exec for one cpanel account only? suphp

postcd

Well-Known Member
Oct 22, 2010
721
20
68
Have whm server, suphp, php 5.3.28 with Suhosin

and in global php.ini it has exec function globally disabled, which is wanted for security.
But one user script want exec function and this user is trustable and important so i want enable it for him only.

When i add php.ini to the users root www folder with content:
disable_functions = "shell_exec"
(not having exec function mentioned so one would expect this will overide global php.ini)

and global php.ini has exec listed in disable functions, it returns error on website:
Warning: exec() has been disabled for security reasons in ...
At the bottom of global php.ini i have:
[PATH=/home/usernamehere/public_html/folderhere]
disable_functions = show_source, system, passthru, shell_exec, popen, proc_open, allow_url_fopen
(wanting to override global disable_functions for this particular PATH, as seen exec is not listed, not disabled, but that user script still returns above error saying exec is disabled..)

There is some tutorial with Suhosin: https://forums.cpanel.net/f5/enable-shell_exec-one-user-109601.html#post588281
but im unsure how to add that VirtualHost from WHM.

Also there is an idea to disable PHP CLI for one domain (i have CLI in PHP):
http://www.webhostingtalk.com/showthread.php?p=8751818#post8751818

please any idea? i listen suhosin has its disable functions too and i would switch to other phphandler like fcgi if that would fix, please advice me what to do, what to try, thanks
 
Last edited:

cPanelPeter

Senior Technical Analyst
Staff member
Sep 23, 2013
584
24
143
cPanel Access Level
Root Administrator
Hello,

It would appear you are thinking that this is backwards. By adding "shell_exec" to the disable_functions (both globally and for that user) then it will disable that feature entirely. It does not mean that this option is ignored for that user.

You should try to set:

Code:
[PATH=/home/usernamehere/public_html/folderhere]
disable_functions =
See if that makes a difference.
 

postcd

Well-Known Member
Oct 22, 2010
721
20
68
You should try to set:

Code:
[PATH=/home/usernamehere/public_html/folderhere]
disable_functions =
See if that makes a difference.
I tried this now commenting out my current rules and replacing my client username and foldername in the path you provided above. But when "exec" function is in global disable_functions, it still reports error "exec() has been disabled for security reasons" on the client webpage..
 
Last edited:

postcd

Well-Known Member
Oct 22, 2010
721
20
68
Hello,

This topic - Link Removed Merged Threads - lacks solution so i am creating duplicate topic (if that is wrong, i apologize but can not update mentioned topic of mine)

Please how do i have PHP exec() disabled for all cpanels, except one or more selected ones? Or enabled per folder.

I have updated WHM/cPanel on CentOS 6
Server version: Apache/2.2.29 (Unix)
Cpanel::Easy::Apache v3.30.3 rev9999
PHP 5.3.29 (cli)
SuPHP
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,236
463
Please how do i have PHP exec() disabled for all cpanels, except one or more selected ones? Or enabled per folder.

I have updated WHM/cPanel on CentOS 6
Server version: Apache/2.2.29 (Unix)
Cpanel::Easy::Apache v3.30.3 rev9999
PHP 5.3.29 (cli)
SuPHP
Hello,

The following third-party URL explains how to do this:

How to enable exec() (PHP Configuration)

Thank you.