How to protect/secure php.ini with SuPHP?

May 7, 2010    |   Posted by admin   |    Category: cPanel Management

When Apache is compiled as CGI/SuPHP, it allows users to create their own php.ini file under their home directory and modify the php values as per their wish.

This may increase security concerns on the server and hence to protect/secure php.ini in SuPHP enabled servers, force every user to use a common php.ini file.

This can be achieved by defining the path of server side php.ini file using suPHP_ConfigPath directive. To force users to use server side php.ini file, create suphp_configpath.conf

# pico /usr/local/apache/conf/userdata/suphp_configpath.conf

and add the following lines

<IfModule mod_suphp.c>
<Location />
suPHP_ConfigPath /usr/local/lib/
</Location>
</IfModule>

Once done, save the file and rebuild the Apache configuration so it picks up the changes.

# /usr/local/cpanel/bin/apache_conf_distiller --update --main
# /usr/local/cpanel/bin/build_apache_conf

To verify the include files, execute:

# /scripts/verify_vhost_includes

It will display the path of the .conf file you created. Restart the Apache service once

# /scripts/restartsrv httpd

This will ensure all the users use the server side php configuration file. If you wish to keep the php.ini elsewhere, just change the value of “suPHP_ConfigPath” and follow the above steps.

Comments Off on How to protect/secure php.ini with SuPHP?

Fatal error: Call to undefined function mysql_connect()

May 2, 2010    |   Posted by admin   |    Category: Linux Administration

When PHP is not compiled with Mysql, you receive ‘Call to undefined function mysql_connect’ error message on your website

Fatal error: Call to undefined function mysql_connect()
 in filename.php on line xx

In order to fix the issue, install the “php-mysql” package using yum

# yum install php-mysql

Once installed, restart the httpd service

# service httpd restart

To verify if the package is installed properly, execute

# php -i | grep mysql
Comments Off on Fatal error: Call to undefined function mysql_connect()