The disabled_functions setting in PHP is a configuration directive that allows you to disable specific PHP functions for security or other reasons.
When a function is disabled in disabled_functions, it cannot be used in any PHP script running on the server. This can help prevent certain types of security vulnerabilities or limit the functionality available to scripts, which may be desirable in some cases.
For example, if you have a PHP application that allows users to upload files, you might want to disable the exec function to prevent users from running arbitrary commands on your server.
You can print a list of the currently disabled functions by running the following command by SSH:
grep disable_functions /usr/local/php*/lib/php.ini
Because of the wildcard this will search through each php versions php.ini file and print the disabled functions for every one.
Example output:
[root@server1 ~]# grep disable_functions /usr/local/php*/lib/php.ini
disable_functions = exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
The singular line output indicates that only one PHP version is installed on this particular server.
First go to the custombuild directory:
cd /usr/local/directadmin/custombuild
Now create a custom directory with:
mkdir custom
Inside of this directory we are going to create a new file called php_disable_functions. This will be used by custombuild to deploy the new php.ini files. A quick and easy way to do this is to run the following:
echo "exec,system,passthru,shell_exec,proc_close,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname" > /usr/local/directadmin/custombuild/custom/php_disable_functions
In the example above the only function which I have removed is proc_open as this is a requirement for something which is going to be installed on the server.
You can replace the contents with anything you wish, for example if you only want to disable proc_open the command would be:
echo "proc_open" > /usr/local/directadmin/custombuild/custom/php_disable_functions
To apply the changes we can now run the following command from within the custombuild directory:
./build secure_php
NOTE: This method will change the disabled_functions for ALL php versions which are installed.