- July 10, 2020
- Posted by: administrator
- Category: DirectAdmin
The “disable_functions” directive lets you disable specific PHP functions. It takes a comma-delimited list of function names.
DirectAdmin uses the directive for security purposes, and here is how to customise it. We need to create the file /usr/local/directadmin/custombuild/custom/php_disable_functions with our own list of functions.
Let’s say we want to allow proc_close and proc_open server-wide in PHP on a DirectAdmin server.
cd /usr/local/directadmin/custombuild
touch custom/php_disable_functions
The default list includes the following PHP functions:
exec, system, passthru, shell_exec, proc_close, proc_open, dl, popen, show_source, posix_kill, posix_mkfifo, posix_getpwuid, posix_setpgid, posix_setsid, posix_setuid, posix_setgid, posix_seteuid, posix_setegid, posix_uname
Our custom list will look like the following (it excludes proc_close, proc_open):
exec, system, passthru, shell_exec, dl, popen, show_source, posix_kill, posix_mkfifo, posix_getpwuid, posix_setpgid, posix_setsid, posix_setuid, posix_setgid, posix_seteuid, posix_setegid, posix_uname
For this we run:
cd /usr/local/directadmin/custombuild
echo "exec,system,passthru,shell_exec,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname" > custom/php_disable_functions
and then update configs:
./build set secure_php yes
./build secure_php
After the process completes, we need to check the result with:
php -i | grep ^disable_functions
It’s expected to see the modified list of disabled functions without proc_close, proc_open, i.e. the excluded functions are now allowed.
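The list and the final check above can also be scripted instead of typed by hand. The following is an added example, not part of the original post or of DirectAdmin's tooling; the function names are made up for illustration, and it assumes `php -i` prints the directive as `disable_functions => local => master`.

```shell
#!/bin/sh
# Added example. DEFAULT_LIST is the default list quoted on this page.
DEFAULT_LIST="exec, system, passthru, shell_exec, proc_close, proc_open, dl, popen, show_source, posix_kill, posix_mkfifo, posix_getpwuid, posix_setpgid, posix_setsid, posix_setuid, posix_setgid, posix_seteuid, posix_setegid, posix_uname"

# One function name per line, whitespace and empty items removed.
split_list() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# build_custom_list DEFAULT ALLOW: DEFAULT minus ALLOW, comma-joined, order kept.
build_custom_list() {
    allow=$(split_list "$2")
    split_list "$1" | while IFS= read -r fn; do
        printf '%s\n' "$allow" | grep -qxF -- "$fn" || printf '%s\n' "$fn"
    done | paste -sd, -
}

# effective_list LINE: local value from a "disable_functions => local => master" line.
effective_list() {
    printf '%s\n' "$1" | awk -F' => ' '/^disable_functions/ { print $2; exit }'
}

# verify_effective LINE DEFAULT ALLOW: returns 0 only if every ALLOW function is
# enabled and every other DEFAULT function is still disabled.
verify_effective() {
    eff=$(split_list "$(effective_list "$1")")
    rc=0
    for fn in $(split_list "$3"); do
        if printf '%s\n' "$eff" | grep -qxF -- "$fn"; then
            echo "still disabled: $fn" >&2; rc=1
        fi
    done
    for fn in $(split_list "$(build_custom_list "$2" "$3")"); do
        if ! printf '%s\n' "$eff" | grep -qxF -- "$fn"; then
            echo "no longer disabled: $fn" >&2; rc=1
        fi
    done
    return "$rc"
}

# Usage on the server (commented out so the block has no side effects):
#   build_custom_list "$DEFAULT_LIST" "proc_close,proc_open" > custom/php_disable_functions
#   verify_effective "$(php -i | grep '^disable_functions')" "$DEFAULT_LIST" "proc_close,proc_open"
```

Because proc_open can start processes, the second loop matters as much as the first: it confirms that only the two intended functions were re-enabled and that the rest of the default list is still in force.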