The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

open_basedir issue with file uploads

Discussion in 'Security' started by kavos1332, Dec 17, 2012.

  1. kavos1332

    kavos1332 Active Member

    Joined:
    Dec 17, 2012
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello

    I have added the following directive to php.ini to increase the security level.

    Code:
    open_basedir = "/home"
    
    Now when upload files through php's move_uploaded_file() it raises a warning saying about open_basedir restriction in /tmp/something..

    Please advise the right settings for open_basedir.
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    You do want more than just /home listed in open_basedir. You need /tmp in there too.

    open_basedir = /home/<accountname>/public_html:/usr/lib/php:/usr/local/lib/php:/tmp

    In your case, you just want to keep everybody within /home [which isn't great, but is better than no restriction at all].

    open_basedir = /home:/usr/lib/php:/usr/local/lib/php:/tmp

    m
     
  3. kavos1332

    kavos1332 Active Member

    Joined:
    Dec 17, 2012
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    The problem is that it is exhustivetask to write open_basedir entry for each user. Also an entry should be added each time a new account is created.
     
  4. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    You're right. It is exhausting, especially if you're running PHP 5.2.17 or less. If you're running PHP 5.3+ it's a bit easier since only have to enter two lines in the global PHP.ini.

    M
     
  5. kavos1332

    kavos1332 Active Member

    Joined:
    Dec 17, 2012
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I am running 5.3.19. What do you write to, as well as adding restrictions, don't hurt file uploads?
     
Loading...

Share This Page