How does Tweak PHP open_basedir Security work?

BianchiDude

Well-Known Member
PartnerNOC
Jul 2, 2005
617
0
166
How does Tweak PHP open_basedir Security work?

I didn't see a change to the open_basedir setting in php.ini after enabling it in WHM, under Security Center.

[~]# cat /usr/local/lib/php.ini |grep base
; open_basedir, if set, limits all file operations to the defined directory
;open_basedir =

In what file is it changing that setting?

TIA
 

chinmay

Well-Known Member
Jul 22, 2008
101
0
66
localhost
Hi there,

The changes would be made in the httpd.conf file. The entry will be added in the VirtualHost entry for the domain. A sample entry will look like

<IfModule concurrent_php.c>
php4_admin_value open_basedir "/home/username/:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
php5_admin_value open_basedir "/home/username/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule !concurrent_php.c>
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/username/:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir "/home/username/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule sapi_apache2.c>
php_admin_value open_basedir "/home/username/:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
</IfModule>
</IfModule>
If you exclude php open_basedir for any of the account/domain the entry as above will be removed from the httpd.conf file.
 

thewebhosting

Well-Known Member
May 9, 2008
1,199
1
68
How does Tweak PHP open_basedir Security work?

I didn't see a change to the open_basedir setting in php.ini after enabling it in WHM, under Security Center.

[~]# cat /usr/local/lib/php.ini |grep base
; open_basedir, if set, limits all file operations to the defined directory
;open_basedir =

In what file is it changing that setting?

TIA
PHP's open_basedir protection prevents users from opening files outside of their home directory with PHP script. Since you have enabled Open_basedir security from WHM, php.ini will show you as below:

; open_basedir, if set, limits all file operations to the defined directory
;open_basedir =

This is a correct settings and I do not think you need to do anything else now. Are you facing any problems?
 

chinmay

Well-Known Member
Jul 22, 2008
101
0
66
localhost
PHP's open_basedir protection prevents users from opening files outside of their home directory with PHP script. Since you have enabled Open_basedir security from WHM, php.ini will show you as below:

; open_basedir, if set, limits all file operations to the defined directory
;open_basedir =

This is a correct settings and I do not think you need to do anything else now. Are you facing any problems?
yes, that is true.. but if you change it in WHM under Security Center, changes do reflect in httpd.con file.