php.ini per dir with php running as cgi

vesko

Registered
Dec 13, 2007
Hello,

Because of security concerns I'm running php as CGI+suexec instead of as a module. How can I have a php.ini per dir (or at least a php.ini per virtual host) in this configuration? I tried to replace the /usr/local/scripts/cgi-bin/php5 with a wrapper (intending to use the PHPRC variable) but immediately ran into suexec security restrictions. Before continuing the struggle with the wrapper & suexec I decided to ask here:
Is there a way using WHM to set this, or any other "canonical" way to do it?
Any hints are welcome.
 

sabarishks

Active Member
Jun 29, 2007
Try this...

1. Moving php5 binary:

mv /usr/local/cpanel/cgi-sys/php5 /usr/local/cpanel/cgi-sys/php5.bin

2. Then creating wrapper file in the /usr/local/cpanel/cgi-sys/php5 with the following content:

#!/bin/bash

# This will fake the name & path and hide the /usr/local/cpanel/cgi-sys/php5 path!
export SCRIPT_NAME="$REQUEST_URI"
export SCRIPT_FILENAME="$PATH_TRANSLATED"
export PWD="$DOCUMENT_ROOT"

# Use the site's own php.ini when one exists in the document root.
# Variables are quoted so paths containing spaces are not split into extra arguments.
if [ -f "$DOCUMENT_ROOT/php.ini" ]; then
    exec /usr/local/cpanel/cgi-sys/php5.bin -c "$DOCUMENT_ROOT"
else
    exec /usr/local/cpanel/cgi-sys/php5.bin
fi

3. Save the file and change the permissions:

chown root:wheel /usr/local/cpanel/cgi-sys/php5*;
chmod 755 /usr/local/cpanel/cgi-sys/php5*;
 

kenashkov

Active Member
Nov 23, 2006
Sofia, Bulgaria
cPanel Access Level
Root Administrator
Hi,
I managed to get it working per virtual host with this wrapper (I also came up with the idea that it has to be chowned to root/wheel :) ):
Code:
#!/bin/sh
# Under suexec the wrapper runs as the account owner, so whoami gives the account name
user=$(whoami)
export PHPRC="/home/$user/public_html"
exec /usr/local/cpanel/cgi-sys/php5bin
I reworked your wrapper to look like this:
Code:
#!/bin/bash

# This will fake the name & path and hide the /usr/local/cpanel/cgi-sys/php5 path!
export PWD="$DOCUMENT_ROOT"

# Point PHPRC at the php.ini next to the requested script (quoted to survive spaces)
export PHPRC="$(dirname "$PATH_TRANSLATED")/php.ini"

exec /usr/local/cpanel/cgi-sys/php5bin
The PWD has to be exported to hide the path.
I prefer to use PHPRC, because it will just look in the specified directory for php.ini, whereas with '-c' you have to first check whether the file exists (as you do in your example).
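
The wrappers above take the php.ini location from DOCUMENT_ROOT or PATH_TRANSLATED, which the web server derives from the request. The sketch below is an added example, not code from any poster in the thread: it confines the lookup to the site's document root and ignores a symlinked php.ini. The function names `canon` and `pick_phprc` are hypothetical, and the binary path is the `php5.bin` name used in the first reply.

```shell
#!/bin/sh
# Added example: per-directory php.ini lookup confined to the document root.
PHP_BIN=/usr/local/cpanel/cgi-sys/php5.bin   # path as given in the first reply

# canon DIR: print the physical (symlink-free) path of DIR; fail if not a directory
canon() { ( cd "$1" 2>/dev/null && pwd -P ); }

# pick_phprc DOCROOT SCRIPT: print the nearest directory, walking up from the
# script's directory to DOCROOT, that holds a regular (non-symlink) php.ini.
# Returns 1 and prints nothing if the script resolves outside DOCROOT or no
# php.ini is found. Both arguments are expected to be absolute paths.
pick_phprc() {
    root=$(canon "$1") || return 1
    dir=$(canon "$(dirname "$2")") || return 1
    while :; do
        case "$dir/" in
            "$root"/*) ;;        # still inside the document root
            *) return 1 ;;       # escaped through ../ or a symlink: refuse
        esac
        if [ -f "$dir/php.ini" ] && [ ! -L "$dir/php.ini" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
        [ "$dir" = "$root" ] && return 1
        dir=$(dirname "$dir")
    done
}

# Wrapper body: runs only under CGI, where the server sets PATH_TRANSLATED.
if [ -n "${PATH_TRANSLATED:-}" ]; then
    if ini_dir=$(pick_phprc "$DOCUMENT_ROOT" "$PATH_TRANSLATED"); then
        export PHPRC="$ini_dir"  # PHP looks for php.ini in this directory
    fi
    exec "$PHP_BIN"              # without PHPRC, PHP uses its default php.ini
fi
```

When no acceptable php.ini is found, PHPRC is left unset and the binary starts with its normal search path, which matches the `else` branch of the first wrapper.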
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
cPanel Access Level
Root Administrator
Use mod_suphp. It will give you what you want, without having to jump through hoops with fragile wrappers.