Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disabling open_basedir per user with CLI

Discussion in 'General Discussion' started by xfactor5, Sep 8, 2017.

Tags:
  1. xfactor5

    xfactor5 Registered

    Joined:
    Nov 1, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi,

    I searched everywhere and could not find anything.

    I have to disable open_basedir protection per user via command line or some other way that can be used inside our API in a programmatic way.

    I don't want to disable it completely for everyone due to security reasons. I also checked WHM API, but there is no open_basedir function there.

    Is there a method for doing this with CLI or some other way that can be used programmatically?

    Thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Can you verify which PHP handler is enabled for the account you want to disable it on? You can check to see which PHP handler is enabled via "WHM >> MultiPHP INI Manager".

    Thank you.
     
  3. xfactor5

    xfactor5 Registered

    Joined:
    Nov 1, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi,
    It's not one specific account. We must do it for many accounts programmatically. But anyway we would use eaphp71 (our code base is PHP 7.1) and the web server is LiteSpeed.
    Every time a new website is made with our site builder, we create a Cpanel account and that account loads our CMS's PHP files from one master Cpanel account to prevent lots of identical copies.
    We trust our own code, but the problem is that we if disable it server wide, security would be compromised by some accounts that use 3rdparty scripts like our forum.
    Therefore, we must disable openbase_dir for each user after we create a new account with WHM API.
    Regards
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  5. xfactor5

    xfactor5 Registered

    Joined:
    Nov 1, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi,
    It does not work, it's like it has no effect. And I am not surprised because it should not work with UAPI and users CPanel account! If any user can disable openbase_dir from their control panels, this would be a huge security risk because it means anyone can access files server wide just by adding a few directives.
    The openbase_dir tweak is part of WHM not Cpanel and therefore if there is gonna be an API, it must be in WHM API not UAPI.
    Any other solutions? I don't want to mess with http.conf!
    Thanks
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Can you browse to "WHM >> MultiPHP Manager" and verify if PHP-FPM is enabled for any of your domain names? Also, please post the output from the following command:

    Code:
    /usr/local/cpanel/bin/rebuild_phpconf --current
    Thank you.
     
  7. xfactor5

    xfactor5 Registered

    Joined:
    Nov 1, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi,
    No, it's not enabled. We use LiteSpeed and as far as I remember it has it's own LSAPI which is faster than PHP-FPM.
    The output:

    DEFAULT PHP: ea-php56
    ea-php54 SAPI: suphp
    ea-php55 SAPI: suphp
    ea-php56 SAPI: suphp
    ea-php70 SAPI: suphp
    ea-php71 SAPI: suphp

    But we mostly use PHP 7.1 and we are planning to make it default.
    Thanks
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page