I've added the following line in php.ini:
disable_functions = exec,shell_exec,dir,readfile,dl,passthru,popen,chown,phpinfo,chown,system
I do this because
A) Permission setup. All users are part of the group users. All folders/files in /home are 705
B) PHP runs as an 'other' (if it didn't no user could use php scripts)
C) since PHP can read users scripts, other users can abuse the above commands to view (and possibly change!) a users files. Bad stuff.
What I would like to do is this:
Keep those functions disabled, but allow the php files in a certain directory (mainly my htdocs directory, not writable by anyone by root and nobody) to use the diabled functions.
Is there a way to do this?