Author Topic: PHP disable_functions for separated vhost  (Read 16747 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Re: PHP disable_functions for separated vhost
« Reply #15 on: January 26, 2021, 02:02:37 PM »
Thanks but I haven't any problem even if I break them all. I'm new to CWP and I'm working on a test server to learn more about CWP.

So, the point (I think) is how to change the php.ini configuration path to read php.ini or .user.ini from the user's root folder when I have PHP Selector v2 or PHP-FPM Selector activated with 2< PHP versions.


Re: PHP disable_functions for separated vhost
« Reply #16 on: January 26, 2021, 02:05:04 PM »
Steps/(Spoon-feeding).
1. Admin CWP, list Accounts, open panel for user (wait 20secs. or so)..
2. User CWP, PHP Selector
3. Select Domain, file browser should highlight/display public_html, by default.
4. Select PHP version alongside the above (PHP 7.4 Selector CGI), Apply
5. CWP Settings, Edit PHP.ini
6. Add a new Record, disable_functions, "shell_exec, exec, system" (no quotes), Add, Update changes
7. File Management, File Manager, create a phpinfo() PHP file in /home/username/public_html
8. Admin CWP (restart Apache)
9. Internet browser: website/phpinfo.php

Result.
PHP Version 7.4.11
Server API    CGI/FastCGI
Virtual Directory Support    disabled
Configuration File (php.ini) Path    /opt/alt/php74/usr/php
Loaded Configuration File    /home/webp/public_html/php.ini
Scan this dir for additional .ini files    /opt/alt/php74/usr/php/php.d
Additional .ini files parsed    /opt/alt/php74/usr/php/php.d/imagick.ini, /opt/alt/php74/usr/php/php.d/ioncube.ini, /opt/alt/php74/usr/php/php.d/mcrypt.ini, /opt/alt/php74/usr/php/php.d/redis.ini

disable_functions   exec, shell_exec, system

Notes:
You can't mix CGI & FPM within the same domain.
Selecting PHP-FPM, the editor changes .user.ini
Selecting PHP-CGI the editor changes php.ini and allows per directory settings.
« Last Edit: January 26, 2021, 02:12:10 PM by cynique »

Re: PHP disable_functions for separated vhost
« Reply #17 on: January 26, 2021, 02:16:40 PM »
I think that I've found precisely where your issue lies..

Using PHP-CGI, it's possible to alter the disable_functions
When using PHP-FPM (some) changes are reflected, example
Variable            Value      Default
memory_limit   192M   128M
It appears that others have a 'protected' status. not something that I've come across and I suggest there'll be a global setting someplace to enable/disable this.

With a little internet searching (why do others have trouble with this?), it appears to also happen in cPanel etc.
It looks as though you'd need to mess about with the fpm pools.
https://grepitout.com/enabling-php-fpm-forces-disable_functions-cpanel/
« Last Edit: January 26, 2021, 02:23:09 PM by cynique »

Offline
*
Re: PHP disable_functions for separated vhost
« Reply #18 on: January 26, 2021, 02:21:09 PM »
Steps/(Spoon-feeding).
1. Admin CWP, list Accounts, open panel for user (wait 20secs. or so)..
2. User CWP, PHP Selector
3. Select Domain, file browser should highlight/display public_html, by default.
4. Select PHP version alongside the above (PHP 7.4 Selector CGI), Apply
5. CWP Settings, Edit PHP.ini
6. Add a new Record, disable_functions, "shell_exec, exec, system" (no quotes), Add, Update changes
7. File Management, File Manager, create a phpinfo() PHP file in /home/username/public_html
8. Admin CWP (restart Apache)
9. Internet browser: website/phpinfo.php

Result.
PHP Version 7.4.11
Server API    CGI/FastCGI
Virtual Directory Support    disabled
Configuration File (php.ini) Path    /opt/alt/php74/usr/php
Loaded Configuration File    /home/webp/public_html/php.ini
Scan this dir for additional .ini files    /opt/alt/php74/usr/php/php.d
Additional .ini files parsed    /opt/alt/php74/usr/php/php.d/imagick.ini, /opt/alt/php74/usr/php/php.d/ioncube.ini, /opt/alt/php74/usr/php/php.d/mcrypt.ini, /opt/alt/php74/usr/php/php.d/redis.ini

disable_functions   exec, shell_exec, system

Notes:
You can't mix CGI & FPM within the same domain.
Selecting PHP-FPM, the editor changes .user.ini
Selecting PHP-CGI the editor changes php.ini and allows per directory settings.

Perfect, with these steps at my phpinfo() I can see that the paths loaded from /opt/alt/php74/usr/php/... but the Loaded Configuration File hasn't changed to  /home/my_domain/public_html/php.ini

Re: PHP disable_functions for separated vhost
« Reply #19 on: January 26, 2021, 02:33:16 PM »
1. CWP Admin, Webserver Settings, Webservers Conf Editor, PHP-FPM
2. php-fpm74 tab
3. Edit a user account conf
4. Add to the bottom: php_admin_value[disable_functions] = shell, shell_exec, system
5. Restart/Reload Apache and PHP-FPM
« Last Edit: January 26, 2021, 02:45:20 PM by cynique »

Offline
*
Re: PHP disable_functions for separated vhost
« Reply #20 on: January 26, 2021, 02:38:03 PM »
I'm currently using PHP-CGI and I see only PHP-FPM.

Re: PHP disable_functions for separated vhost
« Reply #21 on: January 26, 2021, 02:50:41 PM »
I'm currently using PHP-CGI and I see only PHP-FPM.
If you are on the free CWP, then you'll only get FPM if you force Apache to use it system-wide. So best/easiest to ignore that option.
Now that I've spent time investigating the cause of the FPM "problem", I'll have a quick look around to see if I have a PHP 7.4 server on the free tier.

(Might eventually get back to kernel builds today, for my personal project. ;) )

Offline
*
Re: PHP disable_functions for separated vhost
« Reply #22 on: January 26, 2021, 02:53:32 PM »
No, I'm running a CWPpro version with PHP-CGI and installed PHP versions from PHP Selector v2.

Re: PHP disable_functions for separated vhost
« Reply #23 on: January 26, 2021, 03:04:26 PM »
Straight Apache, with no nginx/varnish?

Offline
*
Re: PHP disable_functions for separated vhost
« Reply #24 on: January 26, 2021, 03:04:53 PM »
Yes

Re: PHP disable_functions for separated vhost
« Reply #25 on: January 26, 2021, 03:14:25 PM »
Which brings us back full circle.  :-\
It has to be something peculiar to your setup - that's two CWP.Pro servers that I've checked this on and both work as expected.
A free CWP is currently updating to PHP7.4.11, so I'll take a quick look there but can't really offer much more, other than to suggest starting from scratch. You may have made a change somewhere that's screwing things up.

Edit:
Even using a free CWP and manually changing the php.ini file works..
Server API    CGI/FastCGI
Virtual Directory Support    disabled
Configuration File (php.ini) Path    /usr/local/php
Loaded Configuration File    /home/buck/public_html/php.ini
Scan this dir for additional .ini files    /usr/local/php/php.d
Additional .ini files parsed    /usr/local/php/php.d/ioncube.ini, /usr/local/php/php.d/mcrypt.ini

disable_functions   shell, shell_exec

(Note the space after the comma - gotta be worth checking? )
« Last Edit: January 26, 2021, 03:22:08 PM by cynique »

Offline
*
Re: PHP disable_functions for separated vhost
« Reply #26 on: January 26, 2021, 03:21:25 PM »
OK, I will rebuild my server with a clean CentOS 7 and a fresh CWPpro installation without any modifications and I will try only to go with your steps and I will be back with the new results. Thanks for your help and time :)

Re: PHP disable_functions for separated vhost
« Reply #27 on: January 26, 2021, 03:23:07 PM »
See my update above..  ;)

Offline
*
Re: PHP disable_functions for separated vhost
« Reply #28 on: January 26, 2021, 03:27:51 PM »
disable_functions   shell, shell_exec

(Note the space after the comma - gotta be worth checking? )
See my update above..  ;)

I already tried both, with space after comma and without space after comma with no luck... Time to go and install everything from scratch. Thanks again :)

Re: PHP disable_functions for separated vhost
« Reply #29 on: January 26, 2021, 03:34:39 PM »
Be sure to follow the official page on installation, plus the following;
Use LVM and separate /,/home,/var,/backup if possible.
Pre-install epel-release, followed by ccache.