How to enable PHP proc_open on DirectAdmin

By default, a new installation of DirectAdmin will be configured with the so called “PHP safe mode” enabled. This is a default security feature which disables the use of certain commands such as “proc_open”. This results in the following error messages:

PHP Warning:  proc_open() has been disabled for security reasons in ... on line ....
PHP Warning:  proc_get_status() expects parameter 1 to be resource, null given in ... on line ....
PHP Warning:  proc_close() has been disabled for security reasons in ... on line ....

In order to enable the proc_open command you need to disable the PHP safe mode.

1. Disable PHP safemode

In order to disable PHP safemode, log in with SSH to your DirectAdmin server with the “root” user, and edit the following file:

nano /usr/local/directadmin/custombuild/options.conf

This file should look like this:

#PHP Settings
php1_release=7.4
php1_mode=php-fpm
php2_release=no
php2_mode=php-fpm
php3_release=no
php3_mode=php-fpm
php4_release=no
php4_mode=php-fpm
secure_php=yes
php_ini=no
php_timezone=America/New_York
php_ini_type=production
x_mail_header=yes

In this file, search for following line:

secure_php=yes

Change the value of this line from “yes” to “no”:

secure_php=no

Proceed to save the file (in nano with ctrl + x followed by “y” + <enter>).

2. Rebuild PHP

After changing the configuration, you need to rebuild the PHP with the following command. Note that this process can take a few minutes.

cd /usr/local/directadmin/custombuild/
./build secure_php

If everything goes OK, you should be presented with the following statement:

2021/11/17 14:17:34  info starting queues
dataskq: command: action=rewrite&value=httpd
PHP 7.4.25 Installed.

3. Change PHP.ini config

The last step is to change the default PHP.ini config file, which contains a list of the disabled functions. Open the following file

nano /usr/local/php74/lib/php.ini

And search for the line:

; This directive allows you to disable certain functions.
; It receives a comma-delimited list of function names.
; http://php.net/disable-functions
disable_functions = exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname

You can either remove the proc_close and proc_open parts to enable just those commands, or you can remove the whole line to enable all these functions.

4. Restart httpd

Afterwards simply restart the Apache / PHP services to enable the changes.

service php-fpm74 restart
service httpd restart

Now the proc_open command should work!

By Leendert de Borst

Freelance software architect with 10+ years of experience. Expert in translating complex technical problems into creative & simple solutions.

1 comment

Leave a comment

Your email address will not be published.