CloudLinux - PHP Selector and restricting PHP functions

Dell keeps their Linux servers on and secure with KernelCare - all the latest security patches are promptly applied to running kernels

We are often asked how to prevent particular php function from being used by all clients. This is especially true about functions like exec, passthru, etc... This is something that can be easily done with php-selector. Your customers are only allowed to modify directives listed in /etc/cl.selector/php.conf file. For example if you want to block system command like 'exec' for php53 you have to add 'disable_functions=exec' in /opt/alt/php53/etc/php.ini file. As long as this directive is absent in /etc/cl.selector/php.conf file, users will not be able to use 'exec' in their scripts.

Do you want a quick check of what directives your users may customize? Execute the following command as root on your server:
# grep Directive /etc/cl.selector/php.conf

Yet, trying to secure your hosting with php.ini is wrong approach. It might work for php processes, but it will not work for CGI scripts. The secure environment is already established by CageFS which limits what processes can see or do to only safe actions.

1,500+ companies are running their servers securely without reboots

Trusted by Companies Like Yours