How to lock certain php.ini settings for all virtual servers

#1 Mon, 01/10/2011 - 10:34
EZ

Hi,

I would like to lock some PHP settings in to values of my choice, so that virtual servers cannot override them (while they can still use and modify their own php.ini).

For example, I want expose_php Off to override whatever setting is specified in virtual-server-specific php.ini.

Is this possible?

Thanks,

Eyal.

Mon, 01/10/2011 - 10:54
andreychek

Howdy,

Well, you could prevent the ability to change any PHP settings at all by setting the ownership of the php.ini file to apache or root or some other user.

However, so long as the Virtual Server owner has the ability to make edits to the php.ini file -- they can edit anything they want, so you can't prevent them from editing certain settings.

-Eric

Mon, 01/10/2011 - 22:40 (Reply to #2)
EZ

Eric,

Isn't there any way to lock at least some dangerous settings like register_globals, memory and execution time limits, etc.?

What is the function of System Settings / Server Templates / / Apache website / PHP configuration variables for scripts ? Does it apply once only when a virtual server is created from the template?

Thanks,

Eyal.

Mon, 01/10/2011 - 22:55
andreychek

Yeah, those should just be defaults (that can later be changed), I'm not aware of a way to lock in specific values.

If there are certain settings you don't want users using, you can always use the command line tools to test for their existence each day... and then slap users' hands for using things you don't want them using :-)

However, I'm not aware of an existing way to allow users to set some settings, but not others... it's either all or nothing. Sorry :-)

-Eric

Tue, 01/11/2011 - 00:33 (Reply to #4)
EZ

Eric,

I remember that at some point my web host forced some settings (e.g. safe_mode) and there was no way to override them. Back then PHP was running under mod_php, so maybe in that configuration it is possible.

Anyway the situation is clear so I'll figure a way to keep things in order.

Thanks,

Eyal.

Tue, 01/11/2011 - 00:41
ronald

You can run a cron on a daily basis or hourly or even per 5 minutes to reset certain settings in specific users' php.ini.
What it will do is overwrite the existing php.ini with one that contains your settings. So I would create a php.ini with restrictions to your liking and have a cron job to replace the existing with yours.

You can limit general processes, CPU time and memory under Virtualmin - Administration Options - edit resource limit for existing domains and in the server template for new domains.

With mod_php there would be only one php.ini for all and under control of the owner (root for example) but it is not safe
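An added example, not written by any poster in this thread and not Virtualmin code: a script for the daily check andreychek suggests and the cron reset ronald describes. It goes one step further than replacing the whole file by rewriting only the locked directives and leaving the owner's other settings alone. The `LOCKED` policy is a constructed sample, and the php.ini paths to check are assumed to be passed as arguments.

```python
import os
import re
import sys

# Constructed policy for illustration: directive -> locked value.
LOCKED = {"expose_php": "Off", "register_globals": "Off"}
_BOOL = {"on": "1", "true": "1", "yes": "1", "off": "0", "false": "0",
         "no": "0", "none": "0", "": "0"}
_LINE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(.*?)\s*$")

def _norm(value):
    """Drop an inline ';' comment and quotes, fold PHP boolean spellings."""
    value = value.split(";", 1)[0].strip().strip("\"'")
    return _BOOL.get(value.lower(), value)

def enforce(text, locked=LOCKED):
    """Return (new_text, changes); lines for unlocked directives are kept as-is."""
    body, changes, seen = [], [], set()
    for line in text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1) in locked:
            key, want = m.group(1), locked[m.group(1)]
            seen.add(key)
            if _norm(m.group(2)) != _norm(want):
                changes.append((key, m.group(2), want))
                line = f"{key} = {want}"
        body.append(line)
    # Directives the file never sets are pinned at the top, before any section.
    missing = [k for k in locked if k not in seen]
    changes += [(k, None, locked[k]) for k in missing]
    head = [f"{k} = {locked[k]}" for k in missing]
    return "\n".join(head + body) + "\n", changes

def main(paths):
    for path in paths:
        # O_NOFOLLOW: never write through a symlink planted in a user-owned directory.
        fd = os.open(path, os.O_RDWR | os.O_NOFOLLOW)
        with os.fdopen(fd, "r+", encoding="utf-8") as fh:
            new_text, changes = enforce(fh.read())
            if changes:
                fh.seek(0)
                fh.write(new_text)
                fh.truncate()
        for key, old, want in changes:
            print(f"{path}: {key} was {old!r}, reset to {want}")

if __name__ == "__main__":
    main(sys.argv[1:])
```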
