Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

open_basedir and shared @mail install

Discussion in 'Security' started by MWS Admin, Mar 20, 2009.

  1. MWS Admin

    MWS Admin Registered

    Joined:
    Mar 20, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    Hello

    apache 2.2
    php 5+
    mysql 5+
    RHEL
    Cpanel 11+

    I have been pulling my hair out for hours now so it's time to ask for help.

    1. I am attempting to install @mail globally for all clients
    2. I don't want to disable open_basedir
    3. open_basedir only allows the following directories to be opened
    /usr/lib/php
    /usr/php4/lib/php
    /usr/local/lib/php
    /usr/local/php4/lib/php
    /tmp

    Therefore, open_basedir prevents my @mail installation from working. My first idea was to edit /etc/httpd/conf/httpd.conf but of course that would mean that my changes would get overridden when whm updates. So I tracked down the following files:

    /var/cpanel/templates/apache/main.default (empty)
    /var/cpanel/templates/apache/main.local (empty)
    /var/cpanel/templates/apache/vhost.default (CONTAINS open_basdir info)
    /var/cpanel/templates/apache/vhost.local (empty)
    /var/cpanel/templates/apache/ssl_vhost.default (CONTAINS open_basdir info)
    /var/cpanel/templates/apache2/ssl_vhost.local (empty)

    Once I found vhost.default and ssl_vhost.local, I thought I was home free but no. The changes that I make to those files get overwritten.

    I also tried using whm's "Edit Apache Include Files" but that does not work correctly. With this method, I can set a base dir globably but have no way to include the user home dir: (home/username). I don't want to give all users access to (/home) for security reasons.

    After making changes, I ran the following changes:

    /usr/local/cpanel/bin/apache_conf_distiller --update
    /usr/local/cpanel/bin/build_apache_conf

    service httpd restart

    ------

    Does anyone know how I can permanetly add another directory to my open_basedir directive? I want to do this for all users.

    As a temporary workaround, I installed @mail to my /usr/local/lib/php directory and it works... I am sure that is a bad idea... Anyone want to tell me why?

    Thanks In Advance
    Matrix Web Solutions
    Jeremy
     
  2. kapar

    kapar Registered

    Joined:
    Aug 25, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    151
    maybe you should try this

    WHM --> Security --> Security Center --> PHP open_basedir Tweak

    this function can help you enable/disable open_basedir and chooise which user exclude protection.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice