Best way to limit php.ini settings

[coursevector]

I'm looking for a way to allow users to make changes to PHP.ini (or .user.ini) but have them limited to a maximum setting. I know suhosin used to be capable of this, but since it doesn't support PHP 7 is there an alternative way to handle this? On top of this pipe-dream, if there is a way to exclude certain accounts from this limit (say, if they pay more on a shared server) how would this be done?
Use-case would be to set the PHP memory to something like 64MB, allow users to change it up to 256MB, and if they pay for more then to allow them to adjust it 512MB (or something).

 

[ankeshanand]

You can limit them through Virtualization of LVE Manager. LVE Manager is a CloudLinux Addon which Allows you to limit each customer's resources. By Default, It limits each user to 1 Core CPU and 1GB RAM and 1MB/s IO/s but you can change it as well.

 

[cPRex]

CloudLinux would definitely be the way to go here.

 

[coursevector]

OK, thanks for the feedback. CloudLinux is a bit pricey so we only have it on a few servers but good to know. So the memory limit is per process and not cumulative correct?

 

[cPRex]

CloudLinux memory and CPU limits would be set per-user.

 

[coursevector]

OK, so if i set a memory limit of say 128MB for a user. Does that mean the user can have 2 processes using 128MB each or 2 process totally 128MB?

 

[cPRex]

In your example, that would mean those 2 processes, or however many processes the user had running, could not exceed 128M.

 

[coursevector]

Gotcha ok. So there is nothing to limit per process (which is what suhosin did), correct?

 

[ankeshanand]

OK, so if i set a memory limit of say 128MB for a user. Does that mean the user can have 2 processes using 128MB each or 2 process totally 128MB?

It depends upon user process. A total of 100 CPU Process can also run on 128MB. PHP.ini Limits are Based on Limits of each site. For example, Of you set php.ini to 1G , The site can only occupy 1G of RAM. But of Course, Users can edit php.ini so to Limit Per user, CloudLinux LVE is used.

 

[cPRex]

Gotcha ok. So there is nothing to limit per process (which is what suhosin did), correct?

Correct - with the limit placed on the overall cPanel user, a per-process limit isn't really needed.

 

[ankeshanand]

Gotcha ok. So there is nothing to limit per process (which is what suhosin did), correct?

Suhosin is for Preventing bugs. Like any bug can trigger full RAM usage. Suhosin is not recommend in Shared Hosting as it can degrade performance adversly. and I also don't know if cPanel would even work correctly with the extension as it may break any process in between!