Possible to make exception to PHP's disable_function list for specific user?

P

peps03

Verified User
Joined
Oct 24, 2013
Messages
191
Location
Amsterdam
Hi,

I'm trying to figure out if it is possible to make an exception to PHP's disable_function list for a specific user?

Enabled via CB:

1645627956944.png


The list is added to php.ini:
1645627978930.png


But I like to ALLOW some of these functions for a specific user.

How do I do that?

Thanks!
 

CustomBuild secure_php | Directadmin Docs

DirectAdmin Knowledge Base
docs.directadmin.com
The DA secure php is global but can be customized as above.

You can use a user PHP.ini file as well I think. I dont do that thought all my shared customers get same. If they need custom stuff I sell them a vps
 
Just to be sure, this is only possible if you don't have them enabled in your global php.ini.
You can't undo a globally set disabled function on per user base.
 
No it would be the other way open it up and set every other user on the entire box to more strict.

Lot of work for one person.
 
And what if I put this user on PHP7.3 and only open this version up?

Could I block other users from switching down to 7.3?
 
@bdacus01 @peps03 @Richard G
there are easier way: "custom httpd" -> "php-fpm" -> "php-fpm Global custom2" or "php-fpm VER_number"
and there add line like:
php_admin_value[disable_functions] = mail, fileinfo
wait 1 min till php-fpm restart via cron and check phpinfo.
 
bdacus01 said:
No it would be the other way open it up and set every other user on the entire box to more strict.
Click to expand...
Correct, which would also be less safe because every user would be able to make it less again, unless after changing you would disable that option again, so indeed a whole lot of work.

Zhenyapan said:
there are easier way:
Click to expand...
Which is also for all users, not for 1 user, right?

peps03 said:
Could I block other users from switching down to 7.3?
Click to expand...
Maybe via the exclude command which would take care that nobody could switch down to 7.3. Never tried this before.

Exactly which disabled_functions do you want to exclude for that user?
 
I hope that will work, because what I have understood is that disabled_functions was the only thing which could not setup on a per user base in any way. So if it would work like that, then this would help several others.
 
Ah I see. So if Globally all 'unsafe' functions are disabled, the functions in the line below will 'overrule' the global disable all 'unsafe' functions and only disable the ones listed for this user, correct?

php_admin_value[disable_functions] = mail, fileinfo
 
Last edited:
peps03 said:
Ah I see. So if Globally all 'unsafe' functions are disabled, the functions in the line below will 'overrule' the global disable all 'unsafe' functions and only disable the ones listed for this user, correct?

php_admin_value[disable_functions] = mail, fileinfo
Click to expand...
Yes ? that’s what i have been doing for years.
 
Whoops i didn’t read it correctly i think. As mentioned before, you can’t overwrite functions that are globally disabled in your php.ini.

I don’t use the disable_functions option in php.ini, instead i disable functions per user as mentioned in #8
 
nope..., You can't rewrite global disable_functions list

so you need to remove that inside php.ini then make it functionly with php-fpm

it should be like this

/usr/local/directadmin/data/templates/custom/php-fpm.conf.custom2
Code: 
|*if USER="some_user"|
php_admin_value[disable_functions] = ""
|*else|
php_admin_value[disable_functions] = {LIST FROM php.ini that you remove in first step}
|*endif|

and rebuild template
cd /usr/local/directadmin/custombuild
./build rewrite_confs

###EDIT###
correct variable "USER"
 
Last edited:
You must log in or register to reply here.
Back
Top