1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

[Safe PHP prevent overriding php.ini extension] how to exclude a user?

Discussion in 'Site & Server Administration' started by basketmen, Aug 27, 2015.

  1. #1
    Hi guys,

    In WHM > Easyapache, there is this PHP extension :
    Safe PHP CGI - prevents users from overriding system php.ini

    Screenshot
    [​IMG]

    my question, can i exclude a user from this, so the user can increase like memory_limit in they account?
    if not, is there alternative for this that allowed exclude a user?
     
    basketmen, Aug 27, 2015 IP
  2. Zoti Media Group

    Zoti Media Group Notable Member

    Messages:
    1,598
    Likes Received:
    113
    Best Answers:
    2
    Trophy Points:
    265
    Digital Goods:
    2
    #2
    Yes there is a option doing it with much coding.
    I suggest Cloudlinux. You will be able to set memory limit per user.
     
    Zoti Media Group, Aug 27, 2015 IP
  3. basketmen

    basketmen Well-Known Member

    Messages:
    837
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    130
    #3
    so no existed setting to do this with Safe PHP CGI?

    is there free alternative?
     
    basketmen, Aug 28, 2015 IP
  4. samirj09

    samirj09 Well-Known Member

    Messages:
    335
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    125
    #4
    There may be an alternative method, but need a little bit more information on your needs. Which values specifically are you wanting clients not be able to to change?
     
    samirj09, Aug 28, 2015 IP
  5. basketmen

    basketmen Well-Known Member

    Messages:
    837
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    130
    #5
    memory_limit & max_execution_time of course
     
    basketmen, Aug 28, 2015 IP
  6. samirj09

    samirj09 Well-Known Member

    Messages:
    335
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    125
    #6
    For memory_limit, you can define a RLimit in your Apache configuration. This way, even if the memory limit was increased via the php.ini file, the application would hit Apache's memory limit, which could not be changed. The Apache documentation provides details on this: http://httpd.apache.org/docs/2.2/mod/core.html#rlimitmem .

    For max_execution_time, there really isn't a perfect solution. However, if you are simply wanting to limit the amount of time a PHP process can run (not exactly the same thing as max_execution_time, but quite similar), PRM (https://www.rfxn.com/projects/process-resource-monitor/) provides functionality for you to define a specific set of rules, like runtime and process type that when exceeded would result in the process being killed.

    I have used both of these solutions for the same issue previously and can report they worked quite well. :)
     
    samirj09, Aug 28, 2015 IP
    basketmen likes this.
  7. basketmen

    basketmen Well-Known Member

    Messages:
    837
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    130
    #7
    wow looks like very advanced, it can exclude a user?
    if there is simple alternative please share too
     
    basketmen, Aug 28, 2015 IP
  8. samirj09

    samirj09 Well-Known Member

    Messages:
    335
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    125
    #8
    Did you mean PRM or the RLimits? PRM, yes. It is very customizable via the rule files.

    For RLimits, you can override or disable a specific users limit by adding the overriding value to a specific users vhost include. https://documentation.cpanel.net/plugins/servlet/mobile#content/view/2326632


    No simpler way (that I know of) which would allow the granularity your looking for.
     
    samirj09, Aug 28, 2015 IP
  9. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #9
    An alternative method (which also involves a bit of scripting) which might work is to run a bot/script on the server checking the user-folders for each account for a php.ini file (ie, turn off the disallowing for php.ini in the control panel) - the script can then be modified to delete user-made php.ini-files if they're not in a white-list where they're allowed to have their own php.ini. You could even base this on logging, or create a filesystem check that checks to see if the file php.ini is created or uploaded, and then refuse that file. Plenty of options, however all of the options involve some coding.
     
    PoPSiCLe, Aug 29, 2015 IP