This is implemented by making the domain's ~/etc/php.ini file editable only by the root Unix user. Be aware that this is not a foolproof method of preventing changes to the PHP configuration though - the domain owner could still specify a different config file by editing the PHP wrapper scripts in cgi-bin, running their own copy of PHP, or running PHP scripts as CGI programs.