Hi Y'all,

I am the root owner of a Linux box.
I have hardened the PHP.ini file such that it will not allow several functions:

readfile, system, shell_exec, proc_terminate, proc_nice, pclose, popen, passthru, pcntl_fork, pcntl_exec, posix_kill, pcntl_signal

All is working fine, but now I want my own website to be able to use some of those functions.

My own site will allow me to run some system calls to monitor cpu activity and perform other tasks.

What I'm looking for, is a way to enable those functions, but only to my particular website.

For php safe_mode, there is a way for me to do this in httpd.conf file like that:

php_admin_flag safe_mode on

I can plug this line in my httpd.conf area of my private domain and it will affect only my domain.

Is there a similar way to enable functions (override the master php.ini) such that I'll be able to enable specific functions on my site only?

I appreciate the answer.

Thanks,

-Alon.

    You could probably do this with a "php_admin_value" entry in httpd.conf's virtual host section.

      Looking at the section on php.ini directives, we see that the 'disable_functions' can be set in the "php.ini only".

      Looking at the description for this directive ([link]), we see this:

      This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_functions is not affected by Safe Mode.

      This directive must be set in php.ini. For example, you cannot set this in httpd.conf.

      Sorry!
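
An audit along the lines of this answer, as an added example that is not part of the original thread: it reads the disable_functions list from php.ini text, compares it with the function list from the first post, and flags httpd.conf or .htaccess lines that try to set the directive, which the manual text quoted above says cannot be set there. The helper names and the sample configuration are constructed for illustration.

```python
import re

# Function list from the first post in this thread (the hardened baseline).
BASELINE = {
    "readfile", "system", "shell_exec", "proc_terminate", "proc_nice", "pclose",
    "popen", "passthru", "pcntl_fork", "pcntl_exec", "posix_kill", "pcntl_signal",
}
INI_RE = re.compile(r"^\s*disable_functions\s*=\s*(.*)$", re.IGNORECASE)
# php_value / php_admin_value lines in httpd.conf or .htaccess naming the directive.
VHOST_RE = re.compile(r"^\s*php_(?:admin_)?value\s+disable_functions\b", re.IGNORECASE)


def parse_disable_functions(ini_text):
    """Return the names on the last uncommented disable_functions line.
    Assumption: a later line in the same file replaces an earlier one."""
    names = set()
    for line in ini_text.splitlines():
        m = INI_RE.match(line)  # lines commented out with ';' never match
        if m:
            value = m.group(1).split(";", 1)[0].strip().strip("\"'")
            names = {n.strip().lower() for n in value.split(",") if n.strip()}
    return names


def ineffective_overrides(conf_text):
    """Line numbers in Apache config text that try to set disable_functions."""
    return [i for i, line in enumerate(conf_text.splitlines(), 1)
            if VHOST_RE.match(line)]


def audit(ini_text, conf_text, baseline=BASELINE):
    """Report baseline functions still enabled and override attempts to review."""
    return {
        "missing": sorted(baseline - parse_disable_functions(ini_text)),
        "ineffective_lines": ineffective_overrides(conf_text),
    }


# Constructed sample input, not taken from any real server.
SAMPLE_INI = """; disable_functions = system
disable_functions = "readfile, system, shell_exec, popen, passthru" ; hardening
"""
SAMPLE_CONF = """<VirtualHost *:80>
    ServerName admin.example.test
    php_admin_flag safe_mode on
    php_admin_value disable_functions ""
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit(SAMPLE_INI, SAMPLE_CONF))
```
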

        U'r killing me!

        Well.. this does constitute a discomfort.
        I wonder why it has not been thought of that I may actually want to have those settings overridden for specific virtual domains.

        I wonder if anyone at PHP will take this into consideration and attempt to offer that option through httpd.conf.

        I'll submit a bug/feature request. I wonder if anyone will take the time to read it and reply.

        Thanks guys, you gave me the end answer I was hoping not to get, but it brings closure to my search.

        I appreciate the help.

        -Alon.

          It isn't that they haven't thought of it; quite the opposite. It's disabled because they put much emphasis on security.

          Let's say you own the server PHP is running on. You don't want your clients using dangerous functions like the ones you described. So, naturally, you disable them.

          What good would it do if you also allow them to use a .htaccess file, and they discover they can simply override your setting? They could terrorize your server using PHP even though you tried to prevent it.

          The makers of PHP have tried very hard to blend both usability and security into a versatile language construct, but there are some points where security simply had to override preference.

            Originally posted by bradgrafelman
            It isn't that they haven't thought of it; quite the opposite. It's disabled because they put much emphasis on security.

            Let's say you own the server PHP is running on. You don't want your clients using dangerous functions like the ones you described. So, naturally, you disable them.

            What good would it do if you also allow them to use a .htaccess file, and they discover they can simply override your setting? They could terrorize your server using PHP even though you tried to prevent it.

            The makers of PHP have tried very hard to blend both usability and security into a versatile language construct, but there are some points where security simply had to override preference.

            I didn't say provide users with override on options.
            You can selectively make the decision on what to allow for override in .htaccess.

            For all that I care, with the security option at hand, I would have an include phpdisablefunctionoverride.ini file that of course only the root can use - similar to the php.ini.
            This should certainly be of a very restrictive nature, and be it httpd.conf with restrictive override, or an additional include of an ini file where users can't gain access, either one of those solutions is fine with me.
            There are many ways to overcome that sort of obstacle. It is just a matter of willingness.

            -Alon.
