In lamp php.ini configuration file detailed

Path:/usr/local/php/etc/php.ini

PHP uses ";" as the "comment" symbol, and the shell uses "#" as the "comment" symbol;

Edit PHP.ini

[Email protected] ~]# Vim/usr/local/php/etc/php.ini

1. Query/disable_functions set Disable function

disable_functions = Eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system, CHROOT,SCANDIR,CHGRP,CHOWN,ESCAPESHELLCMD,ESCAPESHELLARG,SHELL_EXEC,PROC_GET_STATUS,INI_ALTER,INI_RESTORE,DL, Pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close

These functions are high-risk functions that need to be suppressed for security purposes.

2. Error log related configuration

Query/display_error

Display_error=off

The default is off, if changed to ON, will show the current browser error, but also cause information leakage, affecting security.

3. Query/log_errors

Log_errors =on

4. Query/error_log

Create an absolute path

[Email protected] ~]# Mkdir/usr/local/php/logs

Grant permission (the user who generated the error log is Apache, so use 777 permissions so that he can write)

[Email protected] ~]# chmod 777/usr/local/php/logs

Edit PHP.ini, remove the front of the statement;

Change the Error_log=php_error.log to the "absolute path" of Error_log=/usr/local/php/logs/php_error.log.

5. Configure logging levels

Query/error_reporting

Error_reporting =e_all & ~e_notice (with both levels)

Save exit

: Wq

[Email protected] ~]# apachectl-t

Syntax OK

[Email protected] ~]# apachectl restart

This is how to open the error log without exposing the error message configuration method to help troubleshoot the problem.

viewing error messages :

If you find a Web browsing error

[Email protected] ~]# ls/usr/local/php/logs/

Php_error.log

[Email protected] ~]# Cat/usr/local/php/logs/php_error.log

This will allow you to view the error message.

6. Query/open_basedir

Edit PHP.ini

Open_basedir= Remove the number and change it to the following path

Open_basedir=/data/www:/tmp

This is a security option, for a single host, website, domain name, the access permissions to the specified directory, the other directory does not have access rights, so this open_basedir must be limited to the directory where the site program.

[Email protected] ~]# apachectl-t

Syntax OK

[Email protected] ~]# apachectl restart

Effect.

Extended Extension Learning:

For multiple hosts, multiple sites, multiple domain names, to configure a few open_basedir restrictions, if you use php.ini to edit, can only limit the configuration of a sentence; If you limit multiple, we can limit the Apache "Virtual Host profile", Make each virtual host a open_basedir, we split them open, each site, every virtual machine, each domain name common a open_basedir.

The configuration is as follows:

[Email protected] ~]# vim/usr/local/apache2/conf/extra/httpd-vhosts.conf

Write:

Php_admin_value Open_basedir "/data/www:/tmp"

: Wq

Now we don't need the Open_basedir configuration in the php.ini, use; Comment out

[Email protected] ~]# apachectl-t

Syntax OK

[Email protected] ~]# apachectl restart

Effective, the benefit of this is the ability to differentiate between different virtual machines.

In lamp php.ini configuration file detailed