You can provide each user or domain its own php.ini file. There are two basic ways to provide each user a php.ini file:
a) Setup chrooted jail for each domain and user will get /etc/php.ini inside each jail
b) Setup individual fastcgi instance for each domain along with php.ini
Let us say you have two domains as follows
- theos.in php.ini location /home/lighttpd/theos.in/php.ini
- cyberciti.biz php.ini location /home/lighttpd/cyberciti.biz/php.ini
- /etc/php.ini - generic file for the rest of all domains
You need to add following directives to lighttpd.conf file:
$HTTP["host"] =~ "(^|\.)theos\.in$" {
server.document-root = "/home/lighttpd/theos.in/http/"
accesslog.filename = "/var/log/lighttpd/theos.in/access.log"
server.error-handler-404 = "/index.php?error=404"
fastcgi.server = ( ".php" =>
((
"bin-path" => "/usr/bin/php-cgi -c /home/lighttpd/theos.in/php.ini",
"socket" => "/home/lighttpd/theos.in/php-cgi.socket",
))
)
}
$HTTP["host"] =~ "(^|\.)cyberciti\.biz$" {
server.document-root = "/home/lighttpd/cyberciti.biz/http/"
accesslog.filename = "/var/log/lighttpd/theos.in/access.log"
server.error-handler-404 = "/index.php?error=404"
fastcgi.server = ( ".php" =>
((
"bin-path" => "/usr/bin/php-cgi -c /home/lighttpd/cyberciti.biz/php.ini",
"socket" => "/home/lighttpd/cyberciti.biz/php-cgi.socket",
))
)
}Note option -c /path/to/my/custom/php.ini passed to /usr/bin/php-cgi. It will force php to Look for php.ini file in the directory path specified by us.
Now end users can modify php.ini as per requirements.
Pitfalls
- Although a user can make changes to php.ini file, you still need to restart a web server using root or equivalent privileges
- This may also open your box to new security issue such as wrong php.ini settings or user can load any custom php modules
You can apply same settings to Apache web server using jail or lighttpd fastcgi as a proxy.
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 2 comments… read them below or add one }
This trick doesn’t work any more, i ‘ve tested under debian/ubuntu and archlinux.
You can custom php.ini just add environment PHPRC in your virtualhost.
fastcgi.server = ( “.php” => ((
“bin-path” => “/usr/bin/php-cgi”,
“socket” => “/tmp/php.socket”,
“bin-environment” => (
“PHP_FCGI_CHILDREN” => “3″,
“PHP_FCGI_MAX_REQUESTS” => “1000″,
“PHPRC” => “/usr/www/vhost1/php.ini”
),
“bin-copy-environment” => (
“PATH”, “SHELL”, “USER”
),
“broken-scriptfilename” => “enable”
)))