Enabling PHP-FPM forces disable_functions

Discussion in 'EasyApache' started by AndyX, Jan 18, 2017.

  1. AndyX

    AndyX Active Member

    Joined:
    Sep 25, 2015
    Messages:
    35
    Likes Received:
    6
    Trophy Points:
    8
    Location:
    Los Altos, CA
    cPanel Access Level:
    Website Owner
    WHM 60.0 (build 35)
    PHP Version: ea-php71

    When I enable PHP-FPM

    pic001.jpg

    When I disable PHP-FPM

    pic002.jpg

    Is there any way to enable PHP-FPM without disabling the following functions:

    exec,passthru,shell_exec,system
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,719
    Likes Received:
    98
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    I'm not entirely sure that cPanel's PHP-FPM adaption is ready for primetime.

    You will want to read through:

    PHP-FPM and EasyApache 4 - Documentation - cPanel Documentation

    cPanel's PHP-FPM is adding those disabled functions by default. You can adjust this, system-wide by modifying/creating the file at:

    /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

    Or you can set this per VirtualHost using the file:

    /var/cpanel/userdata/[user]/[domain].php-fpm.yaml

    and adjust the disable_functions for that specific pool.

    All of this gets exceedingly complicated in a per VirtualHost pool setup. I have real reservations over whether cPanel's decision to use a per-VirtualHost FPM pool is the way to go. I think a per-user FPM pool would be a lot simpler. And the system for doing this is all a bit convoluted at this stage.

    Perhaps the cPanel PHP-FPM system will all come together at some point. Perhaps a per-VirtualHost FPM pool will make more sense then. But the system as it stands right now, to me, leaves a bit to be desired.
     
  3. AndyX

    Hi sparek-3,

    Thank you for your help.

    Sounds like I will need to create a folder called ApachePHPFPM located here:

    /var/cpanel/ApachePHPFPM

    Then create a file called:

    /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

    Then in that file enter:

    Code:
    disable_functions = 
    
    Is this all correct?
     
  4. AndyX

  5. AndyX

    I tried creating the file as I outlined in post #3, but that caused problems: when I switched to PHP-FPM it would no longer show my domain at the bottom of the page.
     
  6. sparek-3

    I believe it should be:

    Code:
    ---
    php_admin_value_disable_functions = { present_ifdefault: 0 }

    Keep in mind though, this is going to enable all functions for every account that uses PHP-FPM

    Sorry, think my original post was wrong, I think this is right. I have edited this post.
     
  7. AndyX

    When I put that code into the system_pool_defaults.yaml file and enabled PHP-FPM I got the following error when I reloaded my XenForo forum:

    upload_2017-1-19_8-48-33.png
     
  8. AndyX

  9. AndyX

    @sparek-3

    In the code you posted, you have --- on the first line; is that by accident or is it needed?
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,855
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The following document includes information on how to change the default configuration values with PHP-FPM on EA4:

    PHP-FPM and EasyApache 4 - Documentation - cPanel Documentation

    In particular, this is the file path to edit for a specific domain name:

    Code:
    /var/cpanel/userdata/[user]/[domain].php-fpm.yaml

    Otherwise, review the paths under "Optional files" if you wish to change the default parameters. Also, the following document provides information about how to formulate the custom entries:

    Configurations Values of PHP-FPM - Documentation - cPanel Documentation

    After making those changes to the YAML file on a specific domain name, run the following command:

    Code:
    /scripts/php_fpm_config --rebuild --domain=domain

    This script is documented at:

    The php_fpm_config Script - Documentation - cPanel Documentation

    Thank you.
     
    Del Drago likes this.
  11. AndyX

    How come when I try to run the command I get a "command not found" message?

    upload_2017-1-20_9-50-45.png
     
  12. cPanelMichael

    Hello,

    The full path to the script is required in the command:

    Code:
    /scripts/php_fpm_config

    Thanks!
     
  13. AndyX

    Thank you, Michael.

    So far so good, I ran the script and my server is still running.

    upload_2017-1-20_10-2-13.png

    Now I will need to make the changes to the .yaml

    Code:
    /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml
    
    and run the script again. I'm still not clear if the first line should have a --- or that was a mistake.

    Code:
    ---
    php_admin_value_disable_functions = { present_ifdefault: 0 }
    
     
  14. cPanelMichael

    Hello,

    Yes, that should be the first line. Information on YAML files is also available at:

    YAML - Wikipedia

    Thanks!
     
  15. AndyX

    I followed all the steps:

    1) Created an ApachePHPFPM folder and system_pool_defaults.yaml file.

    pic001.jpg

    2) The system_pool_defaults.yaml file contains:

    pic002.jpg

    3) Ran the script:

    /scripts/php_fpm_config --rebuild --domain=example.com

    Of course instead of using example.com I used my domain.

    4) Applied PHP-FPM

    pic003.jpg

    And the result is a server error when I try to view my server in the browser:

    pic004.jpg

    Looking at my error_log file I have many lines similar to this:

    pic005.jpg
     
    #15 AndyX, Jan 20, 2017
    Last edited: Jan 21, 2017
  16. AndyX

    Looking at the following error.log file:

    /opt/ea-php71/root/usr/var/log/php-fpm/error.log

    pic001.jpg

    I have never tried setting any pool, could that be the problem?
     
  17. AndyX

    I was never able to solve this issue.
     
  18. cPanelMichael

    Hello,

    Please revert any modifications you have made and let us know if the steps outlined below are helpful:

    1. Create the /var/cpanel/ApachePHPFPM directory:

    Code:
    mkdir /var/cpanel/ApachePHPFPM

    2. Create the /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml file:

    Code:
    touch /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

    3. Edit /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml using your preferred text editor (e.g. vi, nano) so that it looks exactly like this:

    Code:
    ---
    php_admin_value_disable_functions: { name: 'php_admin_value[disable_functions]', value: passthru,system }
    
    In this example, "passthru,system" are left as disabled functions. No other lines exist before or after this entry in this file.

    4. Regenerate the PHP-FPM configuration files via:

    Code:
    /scripts/php_fpm_config --rebuild

    5. Restart the Apache PHP-FPM and Apache service:

    Code:
    /scripts/restartsrv_apache_php_fpm
    /scripts/restartsrv_httpd

    Keep in mind disable_functions works differently compared to most other PHP values with PHP-FPM. When you define a custom disable_functions value in your PHP-FPM configuration, it's allowing you to disable additional functions on top of what's already disabled in the global php.ini file. For instance, let's say the following line is configured for PHP version 7.0 from WHM >> MultiPHP INI Editor >> Editor Mode:

    Code:
    disable_functions = popen,proc_open

    If you were to set up a custom PHP-FPM default value for disable_functions per the example at the top of this post, then the actual disabled functions would include passthru, system, popen, proc_open. Additionally, keep in mind the PHPINFO output on the website will match what you've configured in your custom PHP-FPM configuration file, despite the fact that additional PHP functions are disabled (this is an artifact of how PHP and PHP-FPM work as opposed to how they are implemented with cPanel & WHM).

    In summary, while you can add additional entries to the disable_functions PHP value through the use of a custom PHP-FPM configuration file, and customize the disable_functions PHP value for individual PHP-FPM user pools, you can't enable functions for this option that are already disabled in the global php.ini configuration file.

    Thank you.
     
    DomineauX, linux4me2 and CyclingTribe like this.
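Added example (not part of the thread and not cPanel code): a small audit of the behaviour described in post #18, where the pool's disable_functions value is applied on top of the global php.ini value while PHPINFO reports only the pool value. The sample php.ini text and the rendered pool line `php_admin_value[disable_functions] = ...` are constructed inputs, and the function names are hypothetical.

```python
import re

# Functions the thread reports cPanel's PHP-FPM pools disabling by default.
SHELL_FUNCS = {"exec", "passthru", "shell_exec", "system"}

# Constructed sample inputs mirroring the values used in post #18.
SAMPLE_PHP_INI = "; disable_functions = exec\ndisable_functions = popen,proc_open\n"
SAMPLE_POOL_CONF = "php_admin_value[disable_functions] = passthru,system\n"

def _split(value):
    """Turn a comma-separated disable_functions value into a set of names."""
    value = value.strip().strip("\"'")
    return {f.strip().lower() for f in value.split(",") if f.strip()}

def ini_disabled(ini_text):
    """disable_functions from php.ini text; a later assignment replaces an earlier one."""
    found = set()
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0]  # drop ';' comments
        m = re.match(r"\s*disable_functions\s*=(.*)$", line)
        if m:
            found = _split(m.group(1))
    return found

def pool_disabled(pool_text):
    """Functions named by php_admin_value[disable_functions] lines in a pool config."""
    found = set()
    for line in pool_text.splitlines():
        line = line.split(";", 1)[0]
        m = re.match(r"\s*php_admin_value\[disable_functions\]\s*=(.*)$", line)
        if m:
            found |= _split(m.group(1))
    return found

def audit(ini_text, pool_text):
    """Compare what PHPINFO would report with what is actually disabled."""
    global_set, pool_set = ini_disabled(ini_text), pool_disabled(pool_text)
    effective = global_set | pool_set  # the pool value adds to php.ini, never removes
    return {
        "phpinfo_shows": sorted(pool_set or global_set),
        "effective": sorted(effective),
        "hidden_from_phpinfo": sorted(effective - pool_set) if pool_set else [],
        "shell_funcs_still_enabled": sorted(SHELL_FUNCS - effective),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_PHP_INI, SAMPLE_POOL_CONF).items():
        print(f"{key}: {', '.join(value) or '(none)'}")
```

With the sample inputs, popen and proc_open are disabled but absent from the PHPINFO view, and exec and shell_exec are the shell-execution functions left callable.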
  19. Floyd R Turbo

    Floyd R Turbo Member

    Joined:
    Jul 30, 2015
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    West Des Moines, IA
    cPanel Access Level:
    Root Administrator
    'sup @AndyX! Were you able to fix this? I'm hitting the same issue after bumping to php7 and php-fpm
     
  20. cPanelMichael

    Do the instructions in my last response to this thread help?

    Thank you.
     