Hi guys, In WHM > Easyapache, there is this PHP extension : Safe PHP CGI - prevents users from overriding system php.ini Screenshot my question, can i exclude a user from this, so the user can increase like memory_limit in they account? if not, is there alternative for this that allowed exclude a user?
Yes there is a option doing it with much coding. I suggest Cloudlinux. You will be able to set memory limit per user.
There may be an alternative method, but need a little bit more information on your needs. Which values specifically are you wanting clients not be able to to change?
For memory_limit, you can define a RLimit in your Apache configuration. This way, even if the memory limit was increased via the php.ini file, the application would hit Apache's memory limit, which could not be changed. The Apache documentation provides details on this: http://httpd.apache.org/docs/2.2/mod/core.html#rlimitmem . For max_execution_time, there really isn't a perfect solution. However, if you are simply wanting to limit the amount of time a PHP process can run (not exactly the same thing as max_execution_time, but quite similar), PRM (https://www.rfxn.com/projects/process-resource-monitor/) provides functionality for you to define a specific set of rules, like runtime and process type that when exceeded would result in the process being killed. I have used both of these solutions for the same issue previously and can report they worked quite well.
Did you mean PRM or the RLimits? PRM, yes. It is very customizable via the rule files. For RLimits, you can override or disable a specific users limit by adding the overriding value to a specific users vhost include. https://documentation.cpanel.net/plugins/servlet/mobile#content/view/2326632 No simpler way (that I know of) which would allow the granularity your looking for.
An alternative method (which also involves a bit of scripting) which might work is to run a bot/script on the server checking the user-folders for each account for a php.ini file (ie, turn off the disallowing for php.ini in the control panel) - the script can then be modified to delete user-made php.ini-files if they're not in a white-list where they're allowed to have their own php.ini. You could even base this on logging, or create a filesystem check that checks to see if the file php.ini is created or uploaded, and then refuse that file. Plenty of options, however all of the options involve some coding.