why don't we use exec() in php do something?

Question

As we all know,php has some functions like exec(),system() etc.

I　use it to open some program like openvpn.

I also can get the all dir's size by du -skh by replace some recursion functions.

but,the exec() in most cases is disabled default.

So I want to know why?

Because of what security issues or other reasons?

Answer 1

Typically these functions are disabled in shared hosting environments on which giving shell access to a user could lead to security issues. You don't want another guy sharing your server to be able to mess with your files.

Answer 2

PHP has a lot of functions which can be used to crack your server if not used properly. You can set list of functions in php.ini using disable_functions directive. This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_functions is not affected by Safe Mode. This directive must be set in php.ini For example, this are the list

exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,
parse_ini_file,show_source