Support for PHP disable_functions per domain

[DRYALLS]

Hi,

I'm considering upgrading to this version of PLESK.

It's very important to me that I can set the PHP disable_functions to allow shell access for one domain only.

PHP disable_functions MUST be in php.ini. Does PLESK 11 support different php.ini per domain? I've downloaded the trial and looked at the PHP settings that can be changed by drop-down, radio buttons, text boxes, but it doesn't appear.

 

[abdi]

Run (on the respective domain name):

<?php phpinfo();  ?>

And you will see the respective php.ini file in action. You can also manually add parameters to it such as that disable_functions...

 

[IgorG]

What about using "Additional configuration directives" field in PHP settings? Also, this article may be useful - http://kb.parallels.com/111697

 

[DRYALLS]

So this is what I see after downloading the PLESK11+CentOS6 ISO and installing it

In PLESK I add a domain mydomain.com and create a phpinfo.php file

The results include:

Loaded Configuration File /etc/php.ini

Apache Environment includes

PP_CUSTOM_PHP_INI /var/www/vhosts/system/mydomain.com/etc/php.ini

and a setting for disable_functions is 'no value' either locally or Master

I check in /etc/php.ini and confirm that disable_functions is not set

So then I create a test.php file to check whether I can exec something

All it is is echo exec('whoami');

It returns 'apache', that is what I would expect

So now I edit etc/php.ini to switch on global server wide disable_functions. I restart apache and now when I run phpinfo.php again disable_functions for local and Master is

disable_functions exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

These are the settings on my existing server which are causing me issues.

So now I run my test.php again. I get the expected result

Warning: exec() has been disabled for security reasons in /var/www/vhosts/mydomain.com/httpdocs/test.php on line 4

So far, so good. No I want to override the disable_functions for mydomain.com. I go to the PLESK GUI and in the big text box for PHP settings I type:

disable_functions =passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

Again I check phpinfo.php and confirm that my local disable_functions have been added as above. They have, so this should allow me to use the exec command in mydomain.com

So I run test.php, expecting to see 'apache' as the output again. But I get the same Warning message as above.

So clearly something is wrong. Please help.

 

[DRYALLS]

Further info

If I configure PHP to be Fast-CGI this problem goes away. PHP loads its configuration from the /var/www/vhosts/system/mydomain.com/etc/php.ini in my domain.

But why doesn't it work for Apache, where the default /etc/php.ini is loaded, with the additional PP_CUSTOM_PHP_INI /var/www/vhosts/system/mydomain.com/etc/php.ini included by Apache?

 

[abdi]

There some functions you are not allowed to override ...and disable_functions is one of them! Unfortunately, you can't and you will not be able to override it!!

 

[DRYALLS]

So it has to be in the 'root' php.ini and cannot be included. I see that now.

OK, but why does the FastCGI PHP on PLESK use the /var/www/vhosts/<domain>/etc/php.ini and the Apache mod-php on PLESK use /etc/php.ini and then include the domain-specific one?

 

[burnleyvic]

To get it working set php hander to fastCGI, select desired php version. then put your custom directives in this file /var/www/vhosts/system/<domain.tld>/conf/php.ini
save file and rebuild configuration for domain (either on command line or by changing a php setting in panel for desired domain). The settings from /var/www/vhosts/system/<domain.tld>/conf/php.ini will override anything added via the panel. Verify with phpinfo. Setting is permanent and won;t be overwritten by any change in plesk.