How to Disable Functions with FastCGI?

Is it possible to disable functions using FastCGI to specific sites or to all sites, but not mess with the ispconfig server.

I can add it to the /etc/php.ini, but then it adds it to ispconfig as well.
In Ispconfig 2 there was a seperate php.ini file, but I don't see one in ISP3.

I also tried adding it to htaccess and also the "Options" tab in ISP3 admin for the website using:
php_admin_value disable_functions "exec,shell_exec,system"
but did not work even after restarting apache.

I would like to use FastCGI with Suexec because I want to be able to upload files to a directory without making the directories 777.

I would like to disable functions like exec,shell_exec,popen,dl, Etc.
I am not sure wich ones are used by ISP3 and I don't want to chance it.

 

Thank you.
That was very helpful.

I am using CentOS 5.4 on a 32bit system. I used the Perfect Server Setup.

Does CentOS use all three files as well. If so were are they located.

Also are you saying that with FastCGI you can't use any php_admin_value.
Does that also apply to ini_set() in php?

Do you think that I have my site setup correctly?
I am using FastCGI with suexec. This server will only be used for one main site. There might be secondary sites (subdomains, static domains, Etc.), but the server will not be used for hosting.

My Main Purposes:
I want to be able to upload files to a directory that doesn't need to have 777.
I also need speed so Su-PHP is not ideal.
If need be I am willin to use MOD-PHP and change the apache user and group to my FTP User so that files can be uploaded to a 755 directory, but I wasn't sure if that would mess with ISPC Server.

Please let me know if I am on the right track or not.
Thanks.

 

Thanks

I was able to link it to a custom php.ini file.

Correct all .htaccess php_admin_value variables do not work under fastCGI, but all ini_set() in php still work fine.

As a side note the -d attributes in the .php-fcgi-starter file do NOT work with fastCGI. I take it you already know this, but incase others don't.

I got a custom php.ini file to work by adding " -c /var/www/php-fcgi-scripts/php.ini" to "exec /usr/bin/php-cgi". I also copied /etc/php.ini to /var/www/php-fcgi-scripts/php.ini. Then reload or restart httpd or apache. I made some other changes, but I don't think that they are that important, but here is my settings for .php-fcgi-starter:

Code:

#!/bin/sh
PHPRC="/var/www/php-fcgi-scripts/"
export PHPRC
PHP_DOCUMENT_ROOT="/var/www/clients/client0/web1"
export PHP_DOCUMENT_ROOT
# The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache
# mod_fcgi will control the number of childs themself and never use the additional processes.
# PHP_FCGI_CHILDREN=8
# export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS
exec /usr/bin/php-cgi -c /var/www/php-fcgi-scripts/php.ini \
 -d open_basedir=/var/www/clients/client0/web1 \
-d upload_tmp_dir=/var/www/clients/client0/web1/tmp \
-d session.save_path=/var/www/clients/client0/web1/tmp \
 $1

PS. .php-fcgi-starter will revert back each time you save the website settings in ISPC Admin.
Also I didn't want to have to recreate this each time I saved my site so I made some changes to usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php to include these changes every time I made a new website with fastCGI. I beleive its around line 700. look for

PHP:

if ($data["new"]["php"] == "fast-cgi")
        {

However it would be nice if in the server I can specify if the website will use a custom php.ini and even change the settings directly from the server admin. I can even do this, but since my new server will only have one main site I have no time to waste making that change.

When I was messing with this I noticed that I was even able to specify a custom php.ini file for mod_php so I think it would be a good Idea to include this feature.

thanks again.