The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

suPHP modify php config per account if php.ini config is disallowed in user account

Discussion in 'Security' started by dexus, Dec 9, 2009.

  1. dexus

    dexus Well-Known Member

    Joined:
    Jan 14, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    If you configure [phprc_paths] to force loading php.ini from specified location is there a way to somehow modify php configuration for each user, maybe in apache user includes or something else...?

    I read all threads about suphp here and couldn't find what I am looking for...

    That would be the best and most secure way for suPHP, but I don't see how can this be accomplished...
     
  2. fi77i

    fi77i Well-Known Member

    Joined:
    Aug 20, 2008
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Uruguay
    cPanel Access Level:
    Root Administrator
    If you have suPHP installed you can create a php.ini for each user, the user will use his specific php.ini settings instead of the server wide settings.

    Eg.

    You have some disable_functions server wide, but you have a client that needs one of those functions enable, you create a php.ini at the directory where it's needed (eg. /public_html) (guys correct me if I'm wrong but I think that the php.ini won't be recursive). Then you declare in it the disable_functions variable and set all the functions except the one you need.
    When the site checks the disable_functions, will read the local php.ini instead the server wide.

    If I do not misunderstand, this could help you.
    Keep in mind that suPHP won't accept 777 directories.
     
  3. dexus

    dexus Well-Known Member

    Joined:
    Jan 14, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I know all that, but that was not my question....

    That is exactly what we wan't to prevent... We don't wan't users to be able to modify php configuration, and if php.ini is in their home directory thay can do what ever they want with it...

    I would like to prevent users to modify php.ini configuration, and that thay have to request from us any php configuration modification but if we prevent php.ini in user directories with [phprc_paths] in suPHP configuration than it looks like there is no way to alter php configuration per user in any way...
     
  4. madaboutlinux

    madaboutlinux Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    1,052
    Likes Received:
    2
    Trophy Points:
    38
    Location:
    Earth
    Well, it looks like there is no specific way once you enable phprc_paths. You can uncomment the application lines in the suphp configuration files to force users to use the php.ini from those directories and you can try adding your own php.ini files there with different settings.
     
  5. dexus

    dexus Well-Known Member

    Joined:
    Jan 14, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    It's really bad, if there is no way to protect php configuration and don't allow user to go to default php configuration just by adding empty php.ini file...

    If you force specific php.ini configuration by phprc_paths than there is no way to alter configuration per user...

    How can one choose between those two bad options... :confused:

    Is there some other way to prevent users to use php.ini without phprc_paths that can also allow us to alter configuration per user?
     
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
  7. dexus

    dexus Well-Known Member

    Joined:
    Jan 14, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Thank you very much... Thats exactly what I was looking for. :)

    The worst thing is that I already read all your posts about this, but obviously not very carefully, and I somehow overlooked the <Location /> hack in your post, so that was the only thing that I missed here...

    Thanks again... :)
     
Loading...

Share This Page