Disabling open_basedir per user with CLI

Hi,

I searched everywhere and could not find anything.

I have to disable open_basedir protection per user via command line or some other way that can be used inside our API in a programmatic way.

I don't want to disable it completely for everyone due to security reasons. I also checked WHM API, but there is no open_basedir function there.

Is there a method for doing this with CLI or some other way that can be used programmatically?

Thanks

 

Hi,
It's not one specific account. We must do it for many accounts programmatically. But anyway we would use eaphp71 (our code base is PHP 7.1) and the web server is LiteSpeed.
Every time a new website is made with our site builder, we create a Cpanel account and that account loads our CMS's PHP files from one master Cpanel account to prevent lots of identical copies.
We trust our own code, but the problem is that we if disable it server wide, security would be compromised by some accounts that use 3rdparty scripts like our forum.
Therefore, we must disable openbase_dir for each user after we create a new account with WHM API.
Regards

 

Hi,
It does not work, it's like it has no effect. And I am not surprised because it should not work with UAPI and users CPanel account! If any user can disable openbase_dir from their control panels, this would be a huge security risk because it means anyone can access files server wide just by adding a few directives.
The openbase_dir tweak is part of WHM not Cpanel and therefore if there is gonna be an API, it must be in WHM API not UAPI.
Any other solutions? I don't want to mess with http.conf!
Thanks

 

Hi,
No, it's not enabled. We use LiteSpeed and as far as I remember it has it's own LSAPI which is faster than PHP-FPM.
The output:

DEFAULT PHP: ea-php56
ea-php54 SAPI: suphp
ea-php55 SAPI: suphp
ea-php56 SAPI: suphp
ea-php70 SAPI: suphp
ea-php71 SAPI: suphp

But we mostly use PHP 7.1 and we are planning to make it default.
Thanks