In a recent post on how to allow users to configure their custom PHP settings, we discussed the steps to enable custom php ini in cPanel servers with suPHP using EasyApache 4.
But in a shared server environment, it is usually not advisable to allow customers to have their own custom php.ini file to override the server wide settings.
To limit the resource usage per customer and to prevent them from overriding the default settings that may tamper with the server security, it is safer to disable this feature.
In our role as Outsourced hosting support specialists for web hosts, we usually disable the custom php.ini feature in servers and control the server wide PHP settings via the global php ini file.
Custom user.ini in cPanel servers
In cPanel/WHM servers, the script EasyApache is used to recompile Apache/PHP in the server and to customize the php.ini settings.
When the latest version EasyApache 4 was released, it came with many features such as PHP 7 support and custom PHP version per website.
The custom php ini files for users are saved in the “.user.ini” files in the document root of the website – the public_html folder – and the settings in it will be applied to all sub folders.
Today, we’ll see how to disable the custom user.ini files in public_html for cPanel servers running EasyApache 4.
Click here to provide zero downtime hosting
Disable custom user.ini in cPanel servers using EasyApache 4
To disable the feature of users having their own custom user.ini file, the setting has to be changed in the server wide php.ini file.
As the latest Easyapache 4 allows multiple PHP versions, there is no single ‘/etc/php.ini’ for the global settings. The php.ini file location varies with the PHP version you have chosen for your cPanel server.
For example, for PHP 5.6, the php.ini file location is:
# php --ini Configuration File (php.ini) Path: /opt/cpanel/ea-php56/root/etc Loaded Configuration File: /opt/cpanel/ea-php56/root/etc/php.ini
Now, edit this ‘php.ini’ file, and un-comment the line to set the value for ‘user_ini.filename’ to empty. This will disable the feature for custom user.ini setting in the server.
;;;;;;;;;;;;;;;;;;;; ; php.ini Options ; ;;;;;;;;;;;;;;;;;;;; ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" ;user_ini.filename = ".user.ini" ; To disable this feature set this option to empty value ;user_ini.filename =
Save the settings and restart Apache and you’re all good to go with the new PHP settings.
[ Focus on your core business without interruptions. Our tech support experts are here to manage your customers 24/7. ]
At Bobcares, our 24/7 server specialists constantly monitor all the services in the server and proactively audit the server for any errors or security issues in them.
This enables us to prevent a service downtime for our customers who are web hosts. If you would like to know how to avoid downtime for your customers and to secure your servers well, we would be happy to talk to you.
Hello,
This doesn’t seem to work with CPanel v66. adding a file named php.ini will increase php settings.
Any other way to get this working again?
Regards.
Seun, In the latest v66 of cPanel, the user’s MultiPHP INI settings are as:
a. php.ini for suPHP, .htaccess if they’re using DSO
b. .user.ini if they’re using CGI or PHP-FPM
Due to the lack of local.ini, any settings not specified in their local php.ini would be PHP defaults, leaving ONLY the user’s customizations, and no server-wide configurations. Feel free to contact our 24/7 support experts here – https://bobcares.com/contact-us/ – for further assistance.
so how to disable a php.ini of a user when you are in SuPHP? Impossible ? should the [phprc_paths] section of the suphp.conf file?I confess to be a little lost …
if I understand well we can not prevent the user to put a php.ini file in his public_html if we setup suPhp is that right? if not how …