Enabling PHP-FPM forces disable_functions

AndyX

• January 18, 2017 14:02

WHM 60.0 (build 35) PHP Version: ea-php71 When I enable PHP-FPM 44579 When I disable PHP-FPM 44583 Is there any way to enable PHP-FPM without disabling the following functions: exec,passthru,shell_exec,system

• 

  sparek-3

  • January 18, 2017 20:27

  I'm not entirely sure that cPanel's PHP-FPM adaption is ready for primetime. You will want to read through: PHP-FPM and EasyApache 4 - Documentation - cPanel Documentation cPanel's PHP-FPM is adding those disabled functions by default. You can adjust this, system-wide by modifying/creating the file at: /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml Or you can set this per VirtualHost using the file: /var/cpanel/userdata/[user]/[domain].php-fpm.yaml and adjust the disable_functions for that specific pool. All of this gets exceedingly complicated in a per VirtualHost pool setup. I have real reservations over whether cPanel's decision to use a per-VirtualHost FPM pool is the way to go. I think a per-user FPM pool would be a lot simplier. And the system for doing this is all a bit convoluted at this stage. Perhaps the cPanel PHP-FPM system will all come together at some point. Perhaps a per-VirtualHost FPM pool will make more sense then. But the system as it stands right now, to me, leaves a bit to be desired.

  0
• 

  AndyX

  • January 18, 2017 21:42

  cPanel's PHP-FPM is adding those disabled functions by default. You can adjust this, system-wide by modifying/creating the file at: /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

  
  Hi sparek-3, Thank you for your help. Sounds like I will need to create a folder called ApachePHPFPM located here: /var/cpanel/ApachePHPFPM Then create a file called: /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml Then in that file enter:
  disable_functions =
  Is this all correct?

  0
• 

  AndyX

  • January 18, 2017 22:11

  Found the documentaion: PHP-FPM and EasyApache 4 - Version 60 Documentation - cPanel Documentation and

  0
• 

  AndyX

  • January 18, 2017 22:26

  I tried creating the file as I outlined in post #3, but that caused problems, when I switched to PHP-FPM is would no longer show my domain at the bottom of the page.

  0
• 

  sparek-3

  • January 18, 2017 22:45

  I believe it should be:
  --- php_admin_value_disable_functions = { present_ifdefault: 0 }
  Keep in mind though, this is going to enable all functions for every account that uses PHP-FPM Sorry, think my original post was wrong, I think this is right. I have edited this post.

  0
• 

  AndyX

  • January 19, 2017 15:48

  I believe it should be:
  --- php_admin_value_disable_functions = { present_ifdefault: 0 }
  Keep in mind though, this is going to enable all functions for every account that uses PHP-FPM Sorry, think my original post was wrong, I think this is right. I have edited this post.

  
  When I put that code into the system_pool_defaults.yaml file and enabled PHP-FPM I got the following error when I reloaded my XenForo forum: 44599

  0
• 

  AndyX

  • January 19, 2017 16:01

  I found the link which explains the php_admin_value_disable_functions. Configurations Values of PHP-FPM - Documentation - cPanel Documentation However I'm not able to make this work.

  0
• 

  AndyX

  • January 19, 2017 16:01

  @sparek-3 In the code you posted, you have --- on the fist line, is by accident or is it needed?

  0
• 

  cPanelMichael

  • January 19, 2017 17:37

  Hello, The following document includes information on how to change the default configuration values with PHP-FPM on EA4: PHP-FPM and EasyApache 4 - Documentation - cPanel Documentation In particular, this is the file path to edit for a specific domain name:
  /var/cpanel/userdata/[user]/[domain].php-fpm.yaml
  Otherwise, review the paths under "Optional files" if you wish to to change the default parameters. Also, the following document provides information about how to formulate the custom entries: Thank you.

  0
• 

  AndyX

  • January 20, 2017 16:51

  After making those changes to the YAML file on a specific domain name, run the following command:

  
  How come when I try to run the command I get "command not found" message? 44659

  0
• 

  cPanelMichael

  • January 20, 2017 16:54

  Hello, The full path to the script is required in the command:
  /scripts/php_fpm_config
  Thanks!

  0
• 

  AndyX

  • January 20, 2017 17:05

  Thank you, Michael. So far so good, I ran the script and my server is still running. 44663 Now I will need to make the changes to the .yaml
  /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml
  and run the script again. I'm still not clear if the first line should have a --- or that was a mistake.
  --- php_admin_value_disable_functions = { present_ifdefault: 0 }
  

  0
• 

  cPanelMichael

  • January 20, 2017 17:38

  I'm still not clear if the first line should have a --- or that was a mistake.

  
  Hello, Yes, that should be the first line. Information on YAML files is also available at: YAML - Wikipedia Thanks!

  0
• 

  AndyX

  • January 20, 2017 22:21

  I followed all the steps: 1) Created a ApachePHPFPM folder and system_pool_defaults.yaml file. 44703 2) The system_pool_defaults.yaml file contains: 44707 3) Ran the script: /scripts/php_fpm_config --rebuild --domain=example.com Of course instead of using example.com I used my domain. 4) Applied PHP-FPM 44711 And the result is a server error when I try to view my server in the browser: 44715 Looking at my error_log file I have many lines similar to this: 44719

  0
• 

  AndyX

  • January 21, 2017 16:39

  Looking at the following error.log file: /opt/ea-php71/root/usr/var/log/php-fpm/error.log 44735 I have never tried setting any pool, could that be the problem?

  0
• 

  AndyX

  • January 23, 2017 23:44

  I was never able to solve this issue.

  0
• 

  cPanelMichael

  • January 24, 2017 17:41

  Hello, Please revert any modifications you have made and let us know if the steps outlined below are helpful: 1. Create the /var/cpanel/ApachePHPFPM directory:
  mkdir /var/cpanel/ApachePHPFPM
  2. Create the /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml file:
  touch /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml
  3. Edit /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml using your preferred text editor (e.g. vi, nano) so that it looks exactly like this:
  --- php_admin_value_disable_functions: { name: 'php_admin_value[disable_functions]', value: passthru,system }
  In this example, "passthru,system" are left as disabled functions. No other lines exist before or after this entry in this file. 4. Regenerate the PHP-FPM configuration files via:
  /scripts/php_fpm_config --rebuild
  5. Restart the Apache PHP-FPM and Apache service:
  /scripts/restartsrv_apache_php_fpm /scripts/restartsrv_httpd
  Keep in mind disable_functions works differently compared to most other PHP values with PHP-FPM. When you define a custom disable_functions value in your PHP-FPM configuration, it's allowing you to disable additional functions on top of what's already disabled in the global php.ini file. For instance, let's say the following line is configured for PHP version 7.0 from WHM >> MultiPHP INI Editor >> Editor Mode:
  disable_functions = popen,proc_open
  If you were to to setup a custom PHP-FPM default value for disable_functions per the example at the top of this post, then the actual disabled functions would include passthru, system, popen, proc_open. Additionally, keep in mind the PHPINFO output on the website will match what you've configured in your custom PHP-FPM configuration file, despite the fact that additional PHP functions are disabled (this is an artifact of how PHP and PHP-FPM work as opposed to how they are implemented with cPanel & WHM). In summary, while you can add additional entries to the disable_functions PHP value through the use of a custom PHP-FPM configuration file, and customize the disable_functions PHP value for individual PHP-FPM user pools, you can't enable functions for this option that are already disabled in the global php.ini configuration file. Thank you.

  0
• 

  Floyd R Turbo

  • August 13, 2017 17:40

  'sup @AndyX! Were you able to fix this? I'm hitting the same issue after bumping to php7 and php-fpm

  0
• 

  cPanelMichael

  • August 14, 2017 15:52

  'sup @AndyX! Were you able to fix this? I'm hitting the same issue after bumping to php7 and php-fpm

  
  Do the instructions in my last response to this thread help? Thank you.

  0
• 

  Floyd R Turbo

  • August 14, 2017 18:08

  I have not, I was inquiring if @AndyX had found your recommendation to be a viable solution

  0
• 

  cPanelMichael

  • August 14, 2017 18:17

  I have not, I was inquiring if @AndyX had found your recommendation to be a viable solution

  
  The steps in my earlier response have been tested and confirmed to work. They are also utilized in the following thread: PHP-FPM - Default Settings Thank you.

  0
• 

  Odirlon Herartt

  • January 07, 2018 02:08

  Hello, Please revert any modifications you have made and let us know if the steps outlined below are helpful: 1. Create the /var/cpanel/ApachePHPFPM directory:
  mkdir /var/cpanel/ApachePHPFPM
  2. Create the /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml file:
  touch /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml
  3. Edit /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml using your preferred text editor (e.g. vi, nano) so that it looks exactly like this:
  php_admin_value_disable_functions : passthru,system
  In this example, "passthru,system" are left as disabled functions. No other lines exist before or after this entry in this file. 4. Regenerate the PHP-FPM configuration files via:
  /scripts/php_fpm_config --rebuild
  Thank you.

  
  Great! Working!!! Thanks.

  0

Please sign in to leave a comment.