The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

enable exec for one cpanel account only? suphp

Discussion in 'General Discussion' started by postcd, Jun 15, 2014.

  1. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    620
    Likes Received:
    6
    Trophy Points:
    18
    Have whm server, suphp, php 5.3.28 with Suhosin

    and in global php.ini it has exec function globally disabled, which is wanted for security.
    But one user script want exec function and this user is trustable and important so i want enable it for him only.

    When i add php.ini to the users root www folder with content:
    (not having exec function mentioned so one would expect this will overide global php.ini)

    and global php.ini has exec listed in disable functions, it returns error on website:
    At the bottom of global php.ini i have:
    (wanting to override global disable_functions for this particular PATH, as seen exec is not listed, not disabled, but that user script still returns above error saying exec is disabled..)

    There is some tutorial with Suhosin: https://forums.cpanel.net/f5/enable-shell_exec-one-user-109601.html#post588281
    but im unsure how to add that VirtualHost from WHM.

    Also there is an idea to disable PHP CLI for one domain (i have CLI in PHP):
    http://www.webhostingtalk.com/showthread.php?p=8751818#post8751818

    please any idea? i listen suhosin has its disable functions too and i would switch to other phphandler like fcgi if that would fix, please advice me what to do, what to try, thanks
     
    #1 postcd, Jun 15, 2014
    Last edited: Jun 16, 2014
  2. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Joined:
    Sep 23, 2013
    Messages:
    569
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    It would appear you are thinking that this is backwards. By adding "shell_exec" to the disable_functions (both globally and for that user) then it will disable that feature entirely. It does not mean that this option is ignored for that user.

    You should try to set:

    Code:
    [PATH=/home/usernamehere/public_html/folderhere]
    disable_functions = 
    
    See if that makes a difference.
     
  3. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    620
    Likes Received:
    6
    Trophy Points:
    18
    I tried this now commenting out my current rules and replacing my client username and foldername in the path you provided above. But when "exec" function is in global disable_functions, it still reports error "exec() has been disabled for security reasons" on the client webpage..
     
    #3 postcd, Jun 16, 2014
    Last edited: Jun 16, 2014
Loading...

Share This Page