The disable_functions directive in the PHP configuration file (php.ini) is a setting critical to server security. It makes the listed built-in PHP functions uncallable, so a malicious or compromised script cannot use them to damage the system. It applies only to PHP's internal functions; user-defined functions cannot be disabled with it.
The following example disable_functions value is often circulated as a comprehensive list and disables many critical functions:
disable_functions = hopenbasedir, system, cat, proc_nice, show_source, posix_mkfifo, mysql_list_dbs, get_current_user, getmyuid, pconnect, link, symlink, pcntl_exec, ini_alter, leak, apache_setenv, posix_kill, posix_setpgid, posix_setsid, posix_setuid, proc_terminate, syslog, socket_select, socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_accept, socket_bind, socket_strerror, pcntl_fork, pcntl_signal, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, openlog, apache_get_modules, apache_get_version, apache_getenv, apache_note, virtual, user_dir, ini_restore, mail, phpmail, sendmail, passthru, highlight_file, ignore_user_abort, listen, pclose, shell, define_syslog_variables, dl, showsource, ftp_exec
Review the list before copying it. It omits exec, shell_exec, popen and proc_open, which run operating-system commands just as system and passthru do, so a web shell would still work on a server using it unchanged. Several entries (hopenbasedir, cat, pconnect, phpmail, sendmail, shell, showsource, listen, user_dir) are not the names of PHP functions and therefore disable nothing; each name must match a built-in function exactly, misspellings included.
Why Are These Functions Blocked?
- system, passthru, exec and shell_exec execute commands on the operating system; popen and proc_open do the same through pipes and belong in the same group.
- The pcntl_* and posix_* functions control processes: forking, sending signals, changing the process's user, group or session.
- The socket_* functions open raw network connections to external hosts, which is what a reverse shell or a port scanner needs.
- mail can be used to send spam or unauthorized mail from the server (phpmail and sendmail in the list above are not PHP functions).
- highlight_file and show_source display source code, and dl loads an arbitrary extension into the interpreter.
- apache_get_*, apache_getenv, apache_setenv, apache_note and virtual expose information about the server or let a script alter the request environment.
Security Advantages
- In shared hosting it keeps one customer's scripts from damaging the server or attacking other tenants.
- It limits what an attacker can do after gaining a foothold through RFI/LFI, a file upload or an injected web shell: no command execution, no reverse shell, no spam sent from the server.
- Uploaded PHP shells lose most of their capabilities. A shell that cannot call exec, system or proc_open can still read and write whatever files the PHP user can reach, so this is one layer of defense, not a complete fix.
Where Is It Defined?
disable_functions is a PHP_INI_SYSTEM directive, so it can only be set in server-level configuration:
- Globally in php.ini (for example /etc/php.ini, or the php.ini of the SAPI that serves requests).
- In the web server's PHP configuration: php_admin_value disable_functions "..." in httpd.conf for mod_php, or php_admin_value[disable_functions] in a PHP-FPM pool file, which lets each pool carry its own list.
- In the per-user php.ini that some hosting stacks (for example CloudLinux's PHP Selector) load for each account.
It cannot be set or changed in .htaccess, in .user.ini, or at runtime with ini_set(). That restriction is what makes the directive useful: a compromised script cannot re-enable the functions for itself.
To Check:
phpinfo();
(look for the disable_functions row; the Local Value column shows whether a pool or virtual host overrides the master value)
or
echo ini_get('disable_functions');
function_exists() returns false for a disabled function, so function_exists('exec') checks a single function. Run the check through the same SAPI that serves web requests (FPM or mod_php): the CLI usually loads a different php.ini, and php -i reports the CLI's value, not the web server's.
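The checks above report what the running interpreter sees. The Python script below, added here as an example and not part of the original page, audits a php.ini file offline instead, for configuration review or CI: it reproduces the rule that the last uncommented disable_functions line wins (a stray empty directive later in the file silently clears the list) and reports which command-execution functions are still callable. The MUST_BLOCK baseline, the sample ini texts and all helper names are the example's own assumptions.

```python
"""Offline audit of a php.ini disable_functions directive.

Added example; the MUST_BLOCK set, the constructed ini samples and the
function names below are this example's own choices, not taken from PHP
or from the page's configuration.
"""
import re

# Command- and process-execution functions: any one of these left callable is
# enough for an uploaded web shell to run commands. (Assumed baseline.)
MUST_BLOCK = frozenset({
    "exec", "shell_exec", "system", "passthru", "popen", "proc_open",
    "pcntl_exec", "dl",
})

_DIRECTIVE = re.compile(r"^\s*disable_functions\s*=\s*(.*?)\s*$", re.IGNORECASE)


def effective_disable_functions(ini_text: str) -> list[str]:
    """Return the names the *last* uncommented disable_functions line disables.

    php.ini is read top to bottom and a later occurrence of a directive
    replaces an earlier one, so a leftover 'disable_functions =' further
    down empties the list; this function reproduces that behaviour.
    Names are returned as written: PHP looks them up verbatim in its
    function table, whose keys are lower case, so a mis-cased or
    misspelled entry disables nothing.
    """
    value = None
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]            # ';' starts a comment
        m = _DIRECTIVE.match(line)
        if m:
            value = m.group(1)
    if value is None:
        return []
    value = value.strip().strip('"')           # the value may be double-quoted
    # PHP accepts commas and/or spaces between names.
    return [name for name in re.split(r"[,\s]+", value) if name]


def audit(ini_text: str) -> dict[str, list[str]]:
    """Report which MUST_BLOCK functions the effective directive leaves callable."""
    disabled = effective_disable_functions(ini_text)
    return {
        "disabled": disabled,
        "missing": sorted(MUST_BLOCK.difference(disabled)),
    }


# Constructed sample: a trimmed list in the style of the one above. It blocks
# system and passthru but forgets the other command-execution functions.
SAMPLE_INI = """\
[PHP]
; hardening
disable_functions = system, passthru, pcntl_exec, dl, show_source, posix_kill
"""

# Constructed sample: a complete list that a leftover line later in the same
# file overrides with an empty value.
OVERRIDDEN_INI = """\
[PHP]
disable_functions = "exec, shell_exec, system, passthru, popen, proc_open, pcntl_exec, dl"
; ... pasted from another template and never cleaned up:
disable_functions =
"""

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_INI), ("overridden", OVERRIDDEN_INI)):
        result = audit(text)
        print(f"{label}: disables {len(result['disabled'])} function(s); "
              f"still callable: {', '.join(result['missing']) or 'none'}")
```

Point the script at the php.ini of the SAPI that serves requests (and at each FPM pool file, since php_admin_value[disable_functions] there overrides php.ini for that pool); a clean result for the CLI's php.ini says nothing about the web server.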
Note:
Some blocked functions may be needed by legitimate applications; if mail() is disabled, contact forms stop working. Inventory the functions the production code actually calls before deploying the list, and grant exceptions deliberately, for example by giving the one application that needs mail() its own PHP-FPM pool with a shorter list, rather than loosening the global setting for everyone.
The disable_functions configuration is a critical layer of defense for creating a secure PHP environment.