Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Adding open_basedir for multiple users

Discussion in 'Workarounds and Optimization' started by JLafranca, Apr 26, 2018.

  1. JLafranca

    JLafranca Registered

    Joined:
    Apr 26, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Reseller Owner
    Dear all,

    I am having some problems adding open_basedir for multiple users.

    I am editing my file system_pool_defaults.yaml in /var/cpanel/ApachePHPFPM.
    Where I am trying to add the following lines:

    Code:
    php_value_open_basedir: { name: ‘php_value[open_basedir]’, value: /home/[% username %]/public_html:/tmp:/var/cpanel/php/sessions/ea-php70:/home/[% username %]/public_html/tmp:/home/[% username %]/public_html/logs }
    
    However, this does not seem to work, I am getting a 503 error.
    Could you assist?

    Best wishes,
    Jeff
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    944
    Likes Received:
    66
    Trophy Points:
    103
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
  3. JLafranca

    JLafranca Registered

    Joined:
    Apr 26, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Reseller Owner
    Yes, I have, but I am under PHP-FPM, and I understood from other documentation, that the open_basedir tweak in WHM does not apply to that. Furthermore, I already had this option on, but after migrating to PHP-FPM, this became ineffective. :)
     
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    944
    Likes Received:
    66
    Trophy Points:
    103
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi,

    We've actually been trying to test this on my test server using php-fpm as well and are experiencing issues getting open_basedir to be enabled globally the value added in the yaml file doesn't put out any errors for us but it also doesn't enable open_basedir. We did find that adding it to the /opt/cpanel/ea-phpXX/root/etc/php-fpm.conf file and restarting php-fpm did respect the change when rebuilding the php-fpm config it gets deleted.

    I'd like to see if it would be possible for you to open a ticket for this (enabling open_basedir globally for php-fpm). If you can please use the link in my signature and update this thread with the ticket ID.

    Thank you,
     
  5. JLafranca

    JLafranca Registered

    Joined:
    Apr 26, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Reseller Owner
    Thanks for your help so far, I managed to open a ticket.

    Your Support Request ID is: 9475831
     
  6. Ricky G.

    Ricky G. Linux Technical Analyst I
    Staff Member

    Joined:
    May 21, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Houston Tx.
    cPanel Access Level:
    Root Administrator
    Just for future reference I wanted to provide the solution to this issue should anyone come across this thread.

    The line shown below was added to the file "/var/cpanel/ApachePHPFPM/system_pool_defaults.yaml"
    Code:
    php_value_open_basedir: { name: 'php_value[open_basedir]', value: "[% documentroot %]" }
    
    Once that is added, you then need to rebuild your PHP-FPM configs which can be done with the command below.
    Code:
    /usr/local/cpanel/scripts/php_fpm_config --rebuild
    
    Rebuilding the configuration will also restart PHP-FPM for you after it's done so the changes should go into effect immediately. You can check that the open_basedir directive was added to your users pools with the one liner below. This simply prints the number of files that contain the open_basedir directive in it.
    Code:
    grep -c open_basedir /opt/cpanel/ea-php70/root/etc/php-fpm.d/* | awk -F':' '{SUM+=$2}END{print SUM}'
    
    If you wish to check that the directive is active with an account, the php script below can be added to a site and when accessed will print whether it's enabled or not.
    PHP:
    <?php
    echo 'Open_basedir: ',(ini_get('open_basedir') ? 'Enabled' 'Disabled');
    ?>
    You can read more about how to make changes like these to your PHP-FPM system and user pool configurations at the links below.

    PHP-FPM Configuration Template Locations

    PHP-FPM System and User Pool Directives

    Hope this helps!
     
  7. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    944
    Likes Received:
    66
    Trophy Points:
    103
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
Loading...

Share This Page