Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am wondering whether I can use a php.ini file at the directory level? Specifically, I have a domain pointed to a virtual document root in a sub-directory and would like to override some php.ini values previously defined in the php.ini file located in the physical root directory.
Is this possible simply by redefining these values in a new php.ini in the sub-directory? I'm trying to stay away from defining these in .htaccess file.
In general no, but in special (CGI/FastCGI) yes: http://php.net/configuration.file.per-user
Since PHP 5.3.0, PHP includes support for .htaccess-style INI files on a per-directory basis. These files are processed only by the CGI/FastCGI SAPI. This functionality obsoletes the PECL htscanner extension. If you are using Apache, use .htaccess files for the same effect.
In addition to the main php.ini file, PHP scans for INI files in each directory, starting with the directory of the requested PHP file, and working its way up to the current document root (as set in $_SERVER['DOCUMENT_ROOT']). In case the PHP file is outside the document root, only its directory is scanned.
You can only set a limited subset of the ini-options in the user-ini-file. If you are hosting several independent sites on one server, you should consider FastCGI anyway, to keep them separated. With php5-fpm it's very easy to setup many pools of workers.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
In which diretory should script files for cronjobs be saved? Available to the public inside var/www/html or better inside var/www/files or ...?
Re-posting comments from above, for easier reference and clarity:
Why would you want to make cronjob script files available to the public? If you're distributing them, var/www/* would be a fine place to put them. If you're intending to run them on your server, put them somewhere that isn't public facing, like your /home directory
Cron only needs its scripts to be in a directory it can access. While it can definitely access /var/www/, so can (potentially) the public; it depends on your configuration. If you're running Apache as your web-server, then accessibility of any directory under the web root (usually, and likely in this case, /var/www) is configured by .htaccess files (or in a Directory block in your main server config). By default, all sub-directories and files are accessible. If you don't care about other people seeing your cron scripts, go ahead and put it in var/www. Otherwise, put them somewhere else or change your server configuration
The best way to do that you want, is create a new directory dedicated to save the scripts, for example, /var/www/html/scripts
In that way, people is able to see the the sctipts and for crontab schedule too.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
Over the past, i've seen a cpanel account (with addon domains) getting infected from an outdated wordpress installation and spreading itself to other domains since all addon domains were included under public_html folder.
ie.
/home/user/public_html/domain1.com
/home/user/public_html/domain2.com
I know that this can be prevented by purchasing a reseller cpanel account and have seperated cpanel accounts for every domain, ie:
domain1: /home/user1/public_html/
domain2: /home/user2/public_html/
I was wondering if a php infection can be spread when the directory tree is as follows:
/home/user/domain1.com/public_html/
/home/user/domain2.com/public_html/
both domains got the same user but they are not sharing the same public_html folder, however they are sharing the same user.
Can an infection from /home/user/domain1.com/public_html/ take advantage of the user permissions and files ownage to be spreaded/copied to /home/user/domain2.com/public_html/
??
Yes, there only thing special about the public_html directory is that is the root directory the web server is using to serve files from. But as far as the file system on the server is concerned, it is all the same.
The problem is not with public_html, but rather file and directory permissions. A file run inside of the "public_html" directory can still access files in it's parents directory
If the server that is hosting cpanel gives you the ability to remotely add files to a directory inside of /home/user1, then your PHP files will also have access to it.
With PHP you can disable built in functions to chmod, and the ability to run shell commands which will prevent a PHP script from changing the permissions of files/directories, which may be worth looking at. But in general it's better to isolate each site from each other to limit potential security vulnerabilities
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have been using PHP 5.3.3 for awhile and have customized many things in php.ini and added some extra extensions. how i can upgrade to 5.3.8+ without leaving installed extensions and php.ini configuration?
Just make a backup of your php.ini and copy it over when you're done upgrading. As to extensions, if they're built-in extensions (or if you're using something like WAMP, XAMPP, or Zend Server that bundles the extensions you need) then you shouldn't need to do anything else, but if not then those extensions will need to be recompiled for the new version of PHP (make sure you download the latest release of the extension for PHP 5.3.x first). Many extensions can be installed using PECL, which makes things a bit easier.
There is a directory called PHPRCDocs on your disk. Set it to the version you want to have actively supported.
Also take care that the windows %PATH% environment variable point to the PHP installation you want to use by default on the system if you want to use it in command-line-interface.
If you have a webserver configured, look into your websevers documentation how you specify the path to the PHP webserver module, Fast CGI Process manager or CGI executeable. It also needs to point to that path.
Alternatively to install into a new directory you can also rename the old PHP directory and create a new directory with the same name as the previous one. PHP configuration is based on ini-file, so you can have multiple versions on the same system next to each other easily.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have a hosted website with cPanel. I want to modify php.ini, but I don't get where that file is on server. I tried to find the location of the file using phpinfo() and I got the location as /usr/local/lib/php.ini but when I search in file manager I'm unable to find this location.
I looked at https://stackoverflow.com/a/3401536/1989696 and followed the same steps, but I'm not sure how to tell if the webserver supports SSH or SFTP access.
Also, how can I locate the php.ini file?
Unless you have a dedicated or virtual server, you are not allowed to edit system-wide PHP settings.
If PHP runs as CGI, you'll possibly have a custom .ini file you can tweak:
... or, if your PHP version is 5.3 or greater, you can create your own .user.ini files.
If PHP runs as Apache module:
... you can use good old .htaccess.
And, of course, 95% of the PHP settings can just be changed from within PHP code:
ini_set()
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
When I print out the phpinfo(), it shows my Configuration File (php.ini) Path as /usr/local/php/lib Which is correct, and where the custom ini file is located. But my Loaded Configuration File is (none). It seems like my PHP is not loading the custom ini file, although it is there where the file is looking.
I have attempted to recompile PHP, and it had no effect.
I am currently running PHP 5.2.14 on Ubuntu on Apache.
Yes, I restarted apache. I also tried to stop it and start it completely fresh.
Also a slight addition: The PHP server is running fine. I have been running this server for 6 months with no issues. It is running off of the default settings it seems, and all extensions I have compiled PHP with work, like xmlrpc and mbstring. They are shown in the PHP info.
If the Loaded Configuration File is (none), then you do not have installed PHP and Apache correctly. Try to re-install them again (in my opinion first the PHP and then the Apache). It is less time consuming than trying to change configuration. When Loaded Configuration File is (none) and PHP and Apache is working, it means that your server is using a default configuration file (default php.ini), but not your modified one.
Check the file permissions of your php.ini file. Could be that it is THERE but apache cannot access it, should be same user & group of your apache user (www-data)
Usually you can do this:
sudo chown www-data.www-data php.ini