一、PHP配置文件的位置(PHP使用分号 ; 作为注释符号,shell使用#注释符号)
[root@daixuan www]# ls /usr/local/php/etc/php.ini PHP的配置文件的位置
/usr/local/php/etc/php.ini
[root@daixuan www]# /usr/local/php/bin/php -i | head 查看PHP的配置
phpinfo()
PHP Version => 5.4.45
System => Linux daixuan 2.6.32-573.el6.i686 #1 SMP Thu Jul 23 12:37:35 UTC 2015 i686
Build Date => Nov 28 2015 17:28:41
Configure Command => './configure' '--prefix=/usr/local/php' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-config-file-path=/usr/local/php/etc' '--with-mysql=/usr/local/mysql' '--with-libxml-dir' '--with-gd' '--with-jpeg-dir' '--with-png-dir' '--with-freetype-dir' '--with-iconv-dir' '--with-zlib-dir' '--with-bz2' '--with-openssl' '--with-mcrypt' '--enable-soap' '--enable-gd-native-ttf' '--enable-mbstring' '--enable-sockets' '--enable-exif' '--disable-ipv6'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /usr/local/php/etc
Loaded Configuration File => /usr/local/php/etc/php.ini
二、PHP详细配置
1、限制用户调用PHP某些函数
[root@daixuan www]# vim /usr/local/php/etc/php.ini
disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,
chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,
pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close
2、修改错误信息浏览器不显示
[root@daixuan www]# vim /usr/local/php/etc/php.ini
display_errors = Off
如果修改为On,普通用户也可以看到php错误信息。
3、配置PHP错误日志
[root@daixuan www]# ls /usr/local/php/logs 新建错误日志的目录
ls: 无法访问/usr/local/php/logs: 没有那个文件或目录
[root@daixuan www]# mkdir /usr/local/php/logs/
[root@daixuan www]# chmod 777 !$ 增加Apache生成错误日志的写入权限
chmod 777 /usr/local/php/logs/
[root@daixuan www]# vim /usr/local/php/etc/php.ini 定义php错误日志的路径php_errors.log
error_log = /usr/local/php/logs/php_errors.log
修改错误日志级别:
error_reporting = E_ALL & ~E_NOTICE #(Show all errors, except for notices)
测试
[root@daixuan www]# vim /data/www/forum.php
添加一行:123456,该行php不能解析,所以会报错。
重启Apache服务
[root@daixuan www]# ls /usr/local/php/logs/
php_errors.log
[root@daixuan www]# cat /usr/local/php/logs/php_errors.log
[03-Dec-2015 07:42:30 UTC] PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /data/www/forum.php on line 11
4、限制用户访问某个目录/data/www和目录/tmp
方法一:配置所有虚拟主机只能访问/data/dir,通过修改php.ini
[root@daixuan www]# vim /usr/local/php/etc/php.ini
open_basedir = /data/www:/tmp
如果修改为:open_basedir = /data/www2:/tmp,浏览器将打不开 www.test.com,不能打开/data/www/
[root@daixuan www]# cat /usr/local/php/logs/php_errors.log
[03-Dec-2015 07:42:30 UTC] PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /data/www/forum.php on line 11
[03-Dec-2015 08:59:52 UTC] PHP Warning: Unknown: open_basedir restriction in effect. File(/data/www/forum.php) is not within the allowed path(s): (/data/www2:/tmp) in Unknown on line 0
方法二:配置不同的虚拟主机不同的访问目录限制,设置apache的配置文件
注释掉php.ini的open_basedir
[root@daixuan www]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
# ServerAdmin [email protected]
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.daixuan.com
ServerAlias www.123.com
php_admin_value open_basedir "/data/www2/:/tmp/"
</VirtualHost>