Block users access to PHP directives

cPanel allows users to modify PHP directives on a per-directory basis. For more information on this feature check the link from the bottom of this article. Mainly a cPanel user will have to create a .user.ini file in the home directory (or any other directory) and he/she will be able to set new values for PHP directives. An example:

max_execution_time=100
memory_limit=128
etc.
user ini whm
WHM MultiPHP INI Editor

To limit this permission, you will need to edit the main PHP configuration file on the server:

1. Log into WHM as root

2. Navigate to Software >> MultiPHP INI Editor >> Editor Mode tab

3. Choose the PHP version for which you want to disable .user.ini file permission.

4. Search for “.user.ini” text. You will see the “php.ini Options” section of the configuration file

5. In order to disable the .user.ini permission, you should comment out the line “user_ini.filename =”
The “php.ini Options” section should look like this:

;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
;user_ini.filename = ".user.ini" 

;To disable this feature set this option to empty value
user_ini.filename =

; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
;user_ini.cache_ttl = 300

6. Click the Save button

If you are using multiple PHP versions you should do the same changes to all PHP configuration files.

Now your cPanel users will not be able to use .user.ini files to modify PHP directives.

Resources:
https://php.net/manual/en/configuration.file.per-user.php
https://documentation.cpanel.net/display/CKB/How+to+Customize+PHP+Directives

Leave a Reply