Disabling open_basedir per user with CLI

xfactor5

Member
Nov 1, 2013
13
0
1
cPanel Access Level
Website Owner
Hi,

I searched everywhere and could not find anything.

I have to disable open_basedir protection per user via command line or some other way that can be used inside our API in a programmatic way.

I don't want to disable it completely for everyone due to security reasons. I also checked WHM API, but there is no open_basedir function there.

Is there a method for doing this with CLI or some other way that can be used programmatically?

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Hello,

Can you verify which PHP handler is enabled for the account you want to disable it on? You can check to see which PHP handler is enabled via "WHM >> MultiPHP INI Manager".

Thank you.
 

xfactor5

Member
Nov 1, 2013
13
0
1
cPanel Access Level
Website Owner
Hi,
It's not one specific account. We must do it for many accounts programmatically. But anyway we would use eaphp71 (our code base is PHP 7.1) and the web server is LiteSpeed.
Every time a new website is made with our site builder, we create a Cpanel account and that account loads our CMS's PHP files from one master Cpanel account to prevent lots of identical copies.
We trust our own code, but the problem is that we if disable it server wide, security would be compromised by some accounts that use 3rdparty scripts like our forum.
Therefore, we must disable openbase_dir for each user after we create a new account with WHM API.
Regards
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463

xfactor5

Member
Nov 1, 2013
13
0
1
cPanel Access Level
Website Owner
Hi,
It does not work, it's like it has no effect. And I am not surprised because it should not work with UAPI and users CPanel account! If any user can disable openbase_dir from their control panels, this would be a huge security risk because it means anyone can access files server wide just by adding a few directives.
The openbase_dir tweak is part of WHM not Cpanel and therefore if there is gonna be an API, it must be in WHM API not UAPI.
Any other solutions? I don't want to mess with http.conf!
Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Hello,

Can you browse to "WHM >> MultiPHP Manager" and verify if PHP-FPM is enabled for any of your domain names? Also, please post the output from the following command:

Code:
/usr/local/cpanel/bin/rebuild_phpconf --current
Thank you.
 

xfactor5

Member
Nov 1, 2013
13
0
1
cPanel Access Level
Website Owner
Hi,
No, it's not enabled. We use LiteSpeed and as far as I remember it has it's own LSAPI which is faster than PHP-FPM.
The output:

DEFAULT PHP: ea-php56
ea-php54 SAPI: suphp
ea-php55 SAPI: suphp
ea-php56 SAPI: suphp
ea-php70 SAPI: suphp
ea-php71 SAPI: suphp

But we mostly use PHP 7.1 and we are planning to make it default.
Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463