The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Enable shell_exec() for one user!?

Discussion in 'General Discussion' started by parisdns, Mar 3, 2009.

  1. parisdns

    parisdns Active Member

    Joined:
    Aug 4, 2004
    Messages:
    42
    Likes Received:
    1
    Trophy Points:
    6
    Location:
    PrivateLayer.com
    How could I enable shell_exec() only for one user? Thanks.
     
    postcd likes this.
  2. cg4host

    cg4host Registered

    Joined:
    Sep 12, 2008
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    i wait the replay
     
  3. JPC-Shaun

    JPC-Shaun Well-Known Member

    Joined:
    Oct 29, 2008
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Hi;

    It is only possible if you have installed suhosin extentions in your server.

    Below are the exact steps to enable a particular PHP function:

    1. Remove all functions from disable_functions in php.ini
    2. Add functions in php.ini suhosin.executor.func.blacklist = “” those you want to disable globally.

    After that in the virtual host section of a domain you can add below code to enable a function only for one domain:

    <VirtualHost 127.0.0.1>
    ………..
    <IfModule mod_php5.c>
    php_admin_value suhosin.executor.func.blacklist = “shell_exec”
    </IfModule>
    ……
    </VirtualHost>

    In this example shell_exec has been enabled for the VirtualHost.
     
  4. rlshosting

    rlshosting Well-Known Member

    Joined:
    Apr 23, 2009
    Messages:
    170
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    I changed this in httpd.conf:
    Code:
    <VirtualHost 174.136.xx.xxx:80>
    <IfModule mod_php5.c>
    php_admin_value suhosin.executor.func.blacklist = “shell_exec”
    </IfModule>
    ServerName domain.com
    ServerAlias domain.com
    DocumentRoot /home/username/public_html
    ServerAdmin webmaster@domain.com
    UseCanonicalName Off
    CustomLog /usr/local/apache/domlogs/domain.com combined
    CustomLog /usr/local/apache/domlogs/domain.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    ## User username # Needed for Cpanel::ApacheConf
    UserDir disabled
    UserDir enabled username
    <IfModule mod_suphp.c>
    suPHP_UserGroup username username
    </IfModule>
    <IfModule !mod_disable_suexec.c>
    SuexecUserGroup username username
    </IfModule>
    ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
    
    
    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf"
    
    </VirtualHost>
    I restarted httpd and it gave me an error.

    I have suhosin installed on my server too.

    suhosin.executor.func.blacklist = "" is not in php.ini but I added it with the functions and I removed all the functions from disable_functions as well.

    What do I do?
     
  5. nakamura00

    nakamura00 Active Member

    Joined:
    Sep 3, 2007
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    I've same problem shell_exec disable, How to resolved them ?
     
  6. rlshosting

    rlshosting Well-Known Member

    Joined:
    Apr 23, 2009
    Messages:
    170
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    United States
    cPanel Access Level:
    Root Administrator
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    If you are using DSO, then you can use the method for suhosin, but this will not work under suPHP unfortunately. It's always best to indicate the PHP handler when asking how to enable a function, so we know which one is being used.

    Also, the how-to indicated will not work to retain changes under cPanel, since cPanel has this line above each VirtualHost entry:

    The reason it indicates not to edit directly is that every time either /scripts/rebuildhttpdconf or EasyApache runs, the changes made directly to httpd.conf in the VirtualHost area will be wiped.

    I have a discussion at the following url on how to get this working using DSO (and I link to my other guide in that post on how to get it working under suPHP):

    Is proc_open safe? - cPanel Forums
     
  8. rlshosting

    rlshosting Well-Known Member

    Joined:
    Apr 23, 2009
    Messages:
    170
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    I don't know what you are talking about. It works fine for me under suphp(not using dso) and I haven't had a problem yet after rebuilding httpd.
     
  9. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
  10. rlshosting

    rlshosting Well-Known Member

    Joined:
    Apr 23, 2009
    Messages:
    170
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    Well, It works. ;)

    Option Configured Value
    Default PHP Version (.php files) 5
    PHP 5 Handler suphp
    PHP 4 Handler none

    Apache suEXEC on

    I have shell_exec enabled on one account showing status2k without errors and the other account says: Warning: shell_exec() has been disabled for security reasons in /home/user/public_html/test/index.php on line 1


    SuPHP is Enabled. :)
     
    postcd likes this.
Loading...

Share This Page