The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

open_basedir and shared @mail install

Discussion in 'Security' started by MWS Admin, Mar 20, 2009.

  1. MWS Admin

    MWS Admin Registered

    Joined:
    Mar 20, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hello

    apache 2.2
    php 5+
    mysql 5+
    RHEL
    Cpanel 11+

    I have been pulling my hair out for hours now so it's time to ask for help.

    1. I am attempting to install @mail globally for all clients
    2. I don't want to disable open_basedir
    3. open_basedir only allows the following directories to be opened
    /usr/lib/php
    /usr/php4/lib/php
    /usr/local/lib/php
    /usr/local/php4/lib/php
    /tmp

    Therefore, open_basedir prevents my @mail installation from working. My first idea was to edit /etc/httpd/conf/httpd.conf but of course that would mean that my changes would get overridden when whm updates. So I tracked down the following files:

    /var/cpanel/templates/apache/main.default (empty)
    /var/cpanel/templates/apache/main.local (empty)
    /var/cpanel/templates/apache/vhost.default (CONTAINS open_basdir info)
    /var/cpanel/templates/apache/vhost.local (empty)
    /var/cpanel/templates/apache/ssl_vhost.default (CONTAINS open_basdir info)
    /var/cpanel/templates/apache2/ssl_vhost.local (empty)

    Once I found vhost.default and ssl_vhost.local, I thought I was home free but no. The changes that I make to those files get overwritten.

    I also tried using whm's "Edit Apache Include Files" but that does not work correctly. With this method, I can set a base dir globably but have no way to include the user home dir: (home/username). I don't want to give all users access to (/home) for security reasons.

    After making changes, I ran the following changes:

    /usr/local/cpanel/bin/apache_conf_distiller --update
    /usr/local/cpanel/bin/build_apache_conf

    service httpd restart

    ------

    Does anyone know how I can permanetly add another directory to my open_basedir directive? I want to do this for all users.

    As a temporary workaround, I installed @mail to my /usr/local/lib/php directory and it works... I am sure that is a bad idea... Anyone want to tell me why?

    Thanks In Advance
    Matrix Web Solutions
    Jeremy
     
  2. kapar

    kapar Registered

    Joined:
    Aug 25, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    maybe you should try this

    WHM --> Security --> Security Center --> PHP open_basedir Tweak

    this function can help you enable/disable open_basedir and chooise which user exclude protection.
     
Loading...

Share This Page