Prevent Server owner from tempering with Php Configuration

Hello,
I would like to prevent my user from editing their php.ini so that I can leave php safe_mode on at all time.
What I did:
System Settings->Server Templates->Apache website->Allow editing of PHP configuration? = No

Yes the owners can still edit their configuration file. They can change the maximum memory usage to what ever they want and disable safe_mode if they want. This is a major security problem and I would like to know how to change that.

Also, how do I change the initinal php.ini model to make it so safe_mode is set to On?
Is there a way to make Server Owner use the Global File only?

I use GPL version.

Thank you very much if you can help me.

What method of PHP execution are you using? mod_php or FCGId?

The option you changed states this in the help text:

This is implemented by making the domain’s ~/etc/php.ini file editable only by the root Unix user.

Can you verify if the user’s php.ini is correctly created after you change the option? Also, note that changing that option only applies to newly created domains, it will not change the file owner of existing domains.

If you use FCGId, which it looks like, users can always change php.ini files no matter what is disabled in virtualmin.
Because as being the owner of files and folders they can rename the appropiate folder too and insert their own php.ini in a newly created php folder. Also they could create a php.ini in their public root.

However to discourage you can mute the files with chattr +i, not even root can change the file then.
Create an immutable.sh with following code

cd /home ; find -type f -name php.ini -maxdepth 4 | awk {'print "chattr +i "$1'} |sh cd /home ; find -type d -name etc -maxdepth 2 | awk {'print "chattr +i "$1'} |sh cd /home ; find -type f -name php5.fcgi | awk {'print "chattr +i "$1'} |sh cd /home ; find -type d -name fcgi-bin -maxdepth 2 | awk {'print "chattr +i "$1'} |sh

and create one mutable.sh with all +i instances replaced by -i
add a rule in virtualmin: command to run before creating a virtual server and tell it to run the mutable.sh, also command to run after creation of a virtual server and tell it to run the immutable.sh

I was trying to do the same few days ago. My users have no SSH access so I just put .ftpaccess file to every directory I want them not to visit. The file contains just DenyAll. All is prepared in /etc/skel to be applied for every new server.

Thank you very much, using chattr did exactly what I wanted it to do.