2

I'm running a setup with PHP 5.3.8 and use php-fpm with its chroot functionality to separate multiple customers. So each customer has it's own chrooted PHP-environment, which is quite fine.

I now want to disallow that a customer can change the memory_limit of his PHP-instance by using ini_set. On the other hand I don't want to disable ini_set completely. So I'm searching for a possibility to disable the possibility to set specific PHP configuration options (like memory_limit) via ini_set.

Does somebody know how to achieve that?

BenMorel
  • 4,507
  • 10
  • 57
  • 85
Dunedan
  • 21
  • 1
  • 2
  • Look into [suhosin](http://www.hardened-php.net/suhosin/) it is well suited to hardening PHP for hosting environments, including preventing alteration of the memory_limit – cyberx86 Nov 27 '11 at 04:02

3 Answers3

1

You can't, without patching the PHP source code.

devicenull
  • 5,622
  • 1
  • 26
  • 31
1

As cyberx86 noted in his comment, it's at least possible with suhosin to disallow changes to memory_limit during runtime. The configuration option for that in suhoshin is called suhosin.memory_limit.

Dunedan
  • 131
  • 5
1

For Apache, you can set something like the following in httpd.conf:

php_admin_value memory_limit 2G

and that will make pointless any line in a script like:

ini_set('memory_limit', '4096M');

You can read more here.

HTH

Francisco Zarabozo
  • 251
  • 2
  • 3
  • 12