The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

open_basedir help - need to add access to location

Discussion in 'General Discussion' started by morrow95, Apr 11, 2011.

  1. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Just changed to a new server and in the process of setting everything up. I have always used CSF on my servers and am in the process of 'geeen okay' all the security checks.

    My current issue is with open_basedir. When I enable this protection I get an error such as below :

    Code:
    Warning: Unknown: open_basedir restriction in effect. File(/home/contegstart.php) is not within the allowed path(s): (/home/mysite/:/usr/lib/php:/usr/local/lib/php:/tmp) in Unknown on line 0
     
    Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
     
    Fatal error: Unknown: Failed opening required '/home/contegstart.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in Unknown on line 0
    
    I totally understand the reason for this, the /home/contegstart.php file is outside of the site (/home/mysite/). How can I enable access to this file while still enabling open_basedir protection? I am using a content negotiation script so there are three files, one I append in htaccess, one I prepend in htaccess, and then the script file itself. Since I use this on all sites on my server I would like to keep these three files in one location and then just be able to access them from each site account.

    I have done some searching and am finding things about modifying openbase_dir = in php.ini and other stuff about vhosts file. Frankly, I am not that literate with this stuff.

    If anyone could help I would appreciate it!
     
  2. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Okay, here is the error I am getting on a test site with open_basedir enabled :

    Code:
    Warning: Unknown: open_basedir restriction in effect. File(/home/conteg/contegstart.php) is not within the allowed path(s): (/home/testsite/:/usr/lib/php:/usr/local/lib/php:/tmp) in Unknown on line 0
    
    Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
    
    Fatal error: Unknown: Failed opening required '/home/conteg/contegstart.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in Unknown on line 0
    
    In my htaccess file for the 'testsite' I added the line :

    php_value open_basedir /home/conteg/

    I thought this would add access to /home/conteg/ on the system, but nothing changed and the same error showed.

    -----

    Second try was to simply copy the 'conteg' folder to /home/testsite/ since I will always have access to the site folder. This worked, however, since I use this script on all my accounts I would much rather have it in one location for when it is changed, updated, etc instead of having it in each site folder. So again, if anyone could chime in on how to add just one location I would appreciate it.

    Also, now that open_basedir is enabled, should I use suphp it says I must manually specify the setting in the relevant php file. This sounds like my global php.ini will no longer be used - yes or no? Will all the settings in the global be dismissed when I do this like disablefunctions, dl off, etc, etc?
     
  3. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    I'm a bit confused right now whether you are using suPHP or not in your current setup. Are you using suPHP or DSO on the server? Given the .htaccess directive you'd mentioned, I would think it is DSO, but just wanting to be sure.

    If you are using suPHP, then you can have individual php.ini files on each account and the relevant php.ini file will either be the global php.ini at /usr/local/lib/php.ini if the account doesn't have its own php.ini or the php.ini on the account itself in /home/username or /home/username/public_html location (you would want to copy the global php.ini to that user's directory).
     
  4. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Thank you!

    No, I am not using suPHP at the moment, but I plan to. I was going to try and figure out this whole script process first and was then going to recompile with suphp enabled.

    What you just told me is a huge relief because that clears up all the questions I had... so basically when I setup with suphp I can just copy my global php.ini file into the /home/account/ directory and modify anything I need to for that specific site? I take it that would take precedence over the global file then?

    ... and if I don't add a php.ini to the site then the global file is in place?

    If I have that all correct then that will work absolutely perfect... thanks again for the response
     
Loading...

Share This Page