Enabling PHP-FPM forces disable_functions

Hello,

The following document includes information on how to change the default configuration values with PHP-FPM on EA4:

PHP-FPM and EasyApache 4 - Documentation - cPanel Documentation

In particular, this is the file path to edit for a specific domain name:

Code:

/var/cpanel/userdata/[user]/[domain].php-fpm.yaml

Otherwise, review the paths under "Optional files" if you wish to to change the default parameters. Also, the following document provides information about how to formulate the custom entries:

Configurations Values of PHP-FPM - Documentation - cPanel Documentation

After making those changes to the YAML file on a specific domain name, run the following command:

Code:

/scripts/php_fpm_config --rebuild --domain=domain

This script is documented at:

The php_fpm_config Script - Documentation - cPanel Documentation

Thank you.

 

Hello,

The full path to the script is required in the command:

Code:

/scripts/php_fpm_config

Thanks!

 

Hello,

Yes, that should be the first line. Information on YAML files is also available at:

YAML - Wikipedia

Thanks!

 

Hello,

Please revert any modifications you have made and let us know if the steps outlined below are helpful:

1. Create the /var/cpanel/ApachePHPFPM directory:

Code:

mkdir /var/cpanel/ApachePHPFPM

2. Create the /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml file:

Code:

touch /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

3. Edit /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml using your preferred text editor (e.g. vi, nano) so that it looks exactly like this:

Code:

---
php_admin_value_disable_functions: { name: 'php_admin_value[disable_functions]', value: passthru,system }

In this example, "passthru,system" are left as disabled functions. No other lines exist before or after this entry in this file.

4. Regenerate the PHP-FPM configuration files via:

Code:

/scripts/php_fpm_config --rebuild

5. Restart the Apache PHP-FPM and Apache service:

Code:

/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd

Keep in mind disable_functions works differently compared to most other PHP values with PHP-FPM. When you define a custom disable_functions value in your PHP-FPM configuration, it's allowing you to disable additional functions on top of what's already disabled in the global php.ini file. For instance, let's say the following line is configured for PHP version 7.0 from WHM >> MultiPHP INI Editor >> Editor Mode:

Code:

disable_functions = popen,proc_open

If you were to to setup a custom PHP-FPM default value for disable_functions per the example at the top of this post, then the actual disabled functions would include passthru, system, popen, proc_open. Additionally, keep in mind the PHPINFO output on the website will match what you've configured in your custom PHP-FPM configuration file, despite the fact that additional PHP functions are disabled (this is an artifact of how PHP and PHP-FPM work as opposed to how they are implemented with cPanel & WHM).

In summary, while you can add additional entries to the disable_functions PHP value through the use of a custom PHP-FPM configuration file, and customize the disable_functions PHP value for individual PHP-FPM user pools, you can't enable functions for this option that are already disabled in the global php.ini configuration file.

Thank you.

 

Do the instructions in my last response to this thread help?

Thank you.