Selective PHP security per user
- Thread starter CanadaGuy
- Start date
What do you mean by "lock down" and "opening" in regards for PHP configurations?
It is possible to have per-user php.ini settings. Check here:
It is possible to have per-user php.ini settings. Check here:
I don't think those mechanisms allow you to override the "disable_functions setting" which is applied with the CB 2.0 "secure_php" option, which seems to be a global setting. php-fpm conf gives the appearance of an override, but it doesn't seem to take effect. That is my primary issue at the moment, and is what people still have issues with as per these threads:
How to enable "proc_open" for one user?
What functions do you have disabled in the php.ini file that php-fpm is using? Any functions included there cannot be enabled any where else. So if you have proc_open disabled in your php.ini file, then you won't be able to enable it for any users in their php-fpm pool file. If you want...
forum.directadmin.com
can't use the custom httpd configuration to override disable_functions
Hi, I'm currently using custombuild 2.0 and compile php with ./build secure_php (I'm using PHP + mod_ruid2) I'm doing this so that I can disable some php functions. However I need to have a few functions for my script. So what I did was, I used the "custom httpd configurations" and added the...
forum.directadmin.com
Right, so from that, then perhaps the process described here could be implemented?:
How to enable "proc_open" for one user?
What functions do you have disabled in the php.ini file that php-fpm is using? Any functions included there cannot be enabled any where else. So if you have proc_open disabled in your php.ini file, then you won't be able to enable it for any users in their php-fpm pool file. If you want...
forum.directadmin.com
I'm just looking for way to make php-fpm "secure_php" better than ON or OFF, to better manage users with a reasonable justification to use those functions. Personally, I think it would be nice if the frameworks themselves were designed to better match shared hosting situations, but maybe both sides need to meet in the middle somewhere.
