How does HestiaCP enable PHP functions shell_exec, passthr, system, exec?

currently usingHestiaCPWhen administering your server, sometimes you may need to enable some PHP functions that are disabled by default, such as shell_exec, passthru, system, and exec.

These functions are very powerful, but they also present certain security risks, so before enabling them, make sure your server environment is secure and only allow trusted users to access them.

Why do I need to enable these PHP functions?

These functions are very useful in certain situations.

For example, when you enable certainWordPress pluginThese functions are essential when there are certain conditions or you need to execute some system commands on the server.

However, these functions also pose potential security risks.

Improper use may lead to server attacks, so please be careful.

Edit the php.ini file

To enable these functions, you first need to edit the php.ini file.

This is the PHP configuration file that controls various PHP settings.

Step 1: Find the php.ini file

In HestiaCP, you can find and edit the php.ini file in the following path:

1. Enter the HestiaCP control panel.
2. Navigate to Server Settings.
3. Click Edit PHP Service (a pencil icon will appear when you hover over the service name).
4. Select Advanced options.

Here, you can modify the php.ini file.

Step 2: Modify the disable_functions setting

In the php.ini file, there is a setting called disable_functions.

This setting defines which PHP functions are disabled.

To enable shell_exec, passthr, system, and exec, you need to remove them from the disable_functions list.

Disable_functions settings before modification:

disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,exec,system,passthru,shell_exec,proc_open,popen

In this configuration, shell_exec, passthr, system, and exec are disabled.

Modified disable_functions setting:

disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,proc_open,popen

In this configuration, shell_exec, passthr, system, and exec have been removed, enabling these functions.

Step 3: Save changes

After completing the modification, save the php.ini file.

Make sure all changes are saved correctly so that the new configuration can be applied.

Restart PHP Service

After completing the modification of the php.ini file and saving it, you need to restart the PHP service for the changes to take effect.

You can restart the PHP service by following these steps:

1. Return to the HestiaCP control panel.
2. Navigate to Server Settings.
3. Select the PHP service and click Restart.

Verify configuration

After restarting the PHP service, you can verify that these functions are enabled by running a simple PHP script.

For example, you could create a PHP file with the following content:

<?php
echo shell_exec('echo Hello World');

Then, access the file through the browser. If the output is "Hello World", it means that the shell_exec function has been enabled.

Safety Tips

Although these functions are enabled, please be careful with security.

Make sure your server is secure and that only trusted users have access to these features.

Update the server regularlysoftware, and use strong passwords and other security measures to protect your server.

Final Thoughts

In this article, we learned how to enable PHP functions shell_exec, passthr, system, and exec in HestiaCP.

While these functions are very powerful, they also introduce security risks.

Therefore, when enabling these functions, be sure to ensure that your server is secure and that only trusted users are allowed access.

I hope this article was helpful, and if you have any questions, feel free to contact me!