Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Adding open_basedir for multiple users

Discussion in 'Workarounds and Optimization' started by JLafranca, Apr 26, 2018.

  1. JLafranca

    JLafranca Registered

    Joined:
    Apr 26, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Reseller Owner
    Dear all,

    I am having some problems adding open_basedir for multiple users.

    I am editing my file system_pool_defaults.yaml in /var/cpanel/ApachePHPFPM.
    Where I am trying to add the following lines:

    Code:
    php_value_open_basedir: { name: ‘php_value[open_basedir]’, value: /home/[% username %]/public_html:/tmp:/var/cpanel/php/sessions/ea-php70:/home/[% username %]/public_html/tmp:/home/[% username %]/public_html/logs }
    
    However, this does not seem to work, I am getting a 503 error.
    Could you assist?

    Best wishes,
    Jeff
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,721
    Likes Received:
    186
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. JLafranca

    JLafranca Registered

    Joined:
    Apr 26, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Reseller Owner
    Yes, I have, but I am under PHP-FPM, and I understood from other documentation, that the open_basedir tweak in WHM does not apply to that. Furthermore, I already had this option on, but after migrating to PHP-FPM, this became ineffective. :)
     
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,721
    Likes Received:
    186
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi,

    We've actually been trying to test this on my test server using php-fpm as well and are experiencing issues getting open_basedir to be enabled globally the value added in the yaml file doesn't put out any errors for us but it also doesn't enable open_basedir. We did find that adding it to the /opt/cpanel/ea-phpXX/root/etc/php-fpm.conf file and restarting php-fpm did respect the change when rebuilding the php-fpm config it gets deleted.

    I'd like to see if it would be possible for you to open a ticket for this (enabling open_basedir globally for php-fpm). If you can please use the link in my signature and update this thread with the ticket ID.

    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. JLafranca

    JLafranca Registered

    Joined:
    Apr 26, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Reseller Owner
    Thanks for your help so far, I managed to open a ticket.

    Your Support Request ID is: 9475831
     
  6. Ricky G.

    Ricky G. Linux Technical Analyst I
    Staff Member

    Joined:
    May 21, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    76
    Location:
    Houston Tx.
    cPanel Access Level:
    Root Administrator
    Just for future reference I wanted to provide the solution to this issue should anyone come across this thread.

    The line shown below was added to the file "/var/cpanel/ApachePHPFPM/system_pool_defaults.yaml"
    Code:
    php_value_open_basedir: { name: 'php_value[open_basedir]', value: "[% documentroot %]" }
    
    Once that is added, you then need to rebuild your PHP-FPM configs which can be done with the command below.
    Code:
    /usr/local/cpanel/scripts/php_fpm_config --rebuild
    
    Rebuilding the configuration will also restart PHP-FPM for you after it's done so the changes should go into effect immediately. You can check that the open_basedir directive was added to your users pools with the one liner below. This simply prints the number of files that contain the open_basedir directive in it.
    Code:
    grep -c open_basedir /opt/cpanel/ea-php70/root/etc/php-fpm.d/* | awk -F':' '{SUM+=$2}END{print SUM}'
    
    If you wish to check that the directive is active with an account, the php script below can be added to a site and when accessed will print whether it's enabled or not.
    PHP:
    <?php
    echo 'Open_basedir: ',(ini_get('open_basedir') ? 'Enabled' 'Disabled');
    ?>
    You can read more about how to make changes like these to your PHP-FPM system and user pool configurations at the links below.

    PHP-FPM Configuration Template Locations

    PHP-FPM System and User Pool Directives

    Hope this helps!
     
  7. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,721
    Likes Received:
    186
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    @Ricky G. thanks for providing the solution!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice