Modify Disabled PHP Functions In DirectAdmin (disable_functions)

Created On: 28 February 2023
Written by: Ben

Introduction

The disable_functions setting in PHP is a configuration directive that allows you to disable specific PHP functions for security or other reasons.

When a function is listed in disable_functions, it cannot be used in any PHP script running on the server. This can help prevent certain types of security vulnerabilities or limit the functionality available to scripts, which may be desirable in some cases.

For example, if you have a PHP application that allows users to upload files, you might want to disable the exec function to prevent users from running arbitrary commands on your server.

Change disable_functions on DirectAdmin

Print currently disabled functions

You can print a list of the currently disabled functions by running the following command over SSH:

grep disable_functions /usr/local/php*/lib/php.ini

Because of the wildcard, this searches the php.ini file of each installed PHP version and prints the disabled functions for every one.

Example output:

[root@server1 ~]# grep disable_functions /usr/local/php*/lib/php.ini
disable_functions = exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname

The single line of output indicates that only one PHP version is installed on this particular server.

Change the disable_functions set

First go to the custombuild directory:

cd /usr/local/directadmin/custombuild

Now create a custom directory with:

mkdir custom

Inside of this directory we are going to create a new file called php_disable_functions. This will be used by custombuild to deploy the new php.ini files. A quick and easy way to do this is to run the following:

echo "exec,system,passthru,shell_exec,proc_close,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname" > /usr/local/directadmin/custombuild/custom/php_disable_functions

In the example above, the only function I have removed from the list is proc_open, as it is required by something that is going to be installed on the server.

You can replace the contents with anything you wish. For example, if you only want to disable proc_open, the command would be:

echo "proc_open" > /usr/local/directadmin/custombuild/custom/php_disable_functions

To apply the changes we can now run the following command from within the custombuild directory:

./build secure_php

NOTE: This method changes disable_functions for ALL installed PHP versions.
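
To confirm what the rebuild left callable in each PHP version, the script below compares every php.ini against the list from the example output above and prints the functions that are no longer disabled. It is an added example, not part of the original article or of DirectAdmin/custombuild; the names BASELINE, disabled_in, reenabled_in and audit are hypothetical, and the sample php.ini is constructed.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. BASELINE is the disable_functions value
# from this page's example grep output.
BASELINE="exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname"

# Effective disable_functions of one php.ini, one name per line. Lines commented
# out with ';' are skipped. Assumption: if the directive appears more than once,
# the last assignment is the one in effect.
disabled_in() {
    grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$1" | tail -n 1 |
        cut -d= -f2- | tr -d ' "\t\r' | tr ',' '\n' | grep -v '^$' | sort -u
}

# Baseline functions that the given php.ini no longer disables.
reenabled_in() {
    current=$(disabled_in "$1")
    for fn in $(printf '%s' "$BASELINE" | tr ',' ' '); do
        printf '%s\n' "$current" | grep -qxF -- "$fn" || printf '%s\n' "$fn"
    done
}

# Report on each existing file; paths that do not exist (for example an
# unexpanded glob on a machine without DirectAdmin) are skipped.
audit() {
    for ini in "$@"; do
        [ -f "$ini" ] || continue
        missing=$(reenabled_in "$ini" | tr '\n' ' ')
        if [ -n "$missing" ]; then
            echo "$ini: callable again: $missing"
        else
            echo "$ini: baseline fully disabled"
        fi
    done
}

# Constructed sample: a php.ini fragment as it would look after the first echo
# command on this page (proc_open removed from the list).
sample=$(mktemp)
cat > "$sample" <<'EOF'
;disable_functions = none
disable_functions = exec,system,passthru,shell_exec,proc_close,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
EOF
audit "$sample" /usr/local/php*/lib/php.ini
rm -f "$sample"
```

Run after ./build secure_php, any function reported as callable again should be one you removed from the list on purpose.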
