Enable shell_exec() for one user!?

parisdns

Active Member
Aug 4, 2004
42
1
158
PrivateLayer.com
How could I enable shell_exec() only for one user? Thanks.
 
  • Like
Reactions: postcd

JPC-Shaun

Well-Known Member
Oct 29, 2008
49
0
56
Hi;

It is only possible if you have installed suhosin extentions in your server.

Below are the exact steps to enable a particular PHP function:

1. Remove all functions from disable_functions in php.ini
2. Add functions in php.ini suhosin.executor.func.blacklist = “” those you want to disable globally.

After that in the virtual host section of a domain you can add below code to enable a function only for one domain:

<VirtualHost 127.0.0.1>
………..
<IfModule mod_php5.c>
php_admin_value suhosin.executor.func.blacklist = “shell_exec”
</IfModule>
……
</VirtualHost>

In this example shell_exec has been enabled for the VirtualHost.
 

rlshosting

Well-Known Member
Apr 23, 2009
170
1
68
United States
cPanel Access Level
Root Administrator
I changed this in httpd.conf:
Code:
<VirtualHost 174.136.xx.xxx:80>
<IfModule mod_php5.c>
php_admin_value suhosin.executor.func.blacklist = “shell_exec”
</IfModule>
ServerName domain.com
ServerAlias domain.com
DocumentRoot /home/username/public_html
ServerAdmin [email protected]
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/domain.com combined
CustomLog /usr/local/apache/domlogs/domain.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
## User username # Needed for Cpanel::ApacheConf
UserDir disabled
UserDir enabled username
<IfModule mod_suphp.c>
suPHP_UserGroup username username
</IfModule>
<IfModule !mod_disable_suexec.c>
SuexecUserGroup username username
</IfModule>
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/


# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf"

</VirtualHost>
I restarted httpd and it gave me an error.

I have suhosin installed on my server too.

suhosin.executor.func.blacklist = "" is not in php.ini but I added it with the functions and I removed all the functions from disable_functions as well.

What do I do?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,606
33
238
somewhere over the rainbow
cPanel Access Level
Root Administrator
If you are using DSO, then you can use the method for suhosin, but this will not work under suPHP unfortunately. It's always best to indicate the PHP handler when asking how to enable a function, so we know which one is being used.

Also, the how-to indicated will not work to retain changes under cPanel, since cPanel has this line above each VirtualHost entry:

# DO NOT EDIT. AUTOMATICALLY GENERATED. IF YOU NEED TO MAKE A CHANGE PLEASE USE THE INCLUDE FILES.
The reason it indicates not to edit directly is that every time either /scripts/rebuildhttpdconf or EasyApache runs, the changes made directly to httpd.conf in the VirtualHost area will be wiped.

I have a discussion at the following url on how to get this working using DSO (and I link to my other guide in that post on how to get it working under suPHP):

Is proc_open safe? - cPanel Forums
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,606
33
238
somewhere over the rainbow
cPanel Access Level
Root Administrator

rlshosting

Well-Known Member
Apr 23, 2009
170
1
68
United States
cPanel Access Level
Root Administrator
Well, It works. ;)

Option Configured Value
Default PHP Version (.php files) 5
PHP 5 Handler suphp
PHP 4 Handler none

Apache suEXEC on

I have shell_exec enabled on one account showing status2k without errors and the other account says: Warning: shell_exec() has been disabled for security reasons in /home/user/public_html/test/index.php on line 1


SuPHP is Enabled. :)
 
  • Like
Reactions: postcd