Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

open_basedir issue with file uploads

Discussion in 'Security' started by kavos1332, Dec 17, 2012.

  1. kavos1332

    kavos1332 Active Member

    Joined:
    Dec 17, 2012
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello

    I have added the following directive to php.ini to increase the security level.

    Code:
    open_basedir = "/home"
    
    Now when upload files through php's move_uploaded_file() it raises a warning saying about open_basedir restriction in /tmp/something..

    Please advise the right settings for open_basedir.
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,348
    Likes Received:
    60
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    You do want more than just /home listed in open_basedir. You need /tmp in there too.

    open_basedir = /home/<accountname>/public_html:/usr/lib/php:/usr/local/lib/php:/tmp

    In your case, you just want to keep everybody within /home [which isn't great, but is better than no restriction at all].

    open_basedir = /home:/usr/lib/php:/usr/local/lib/php:/tmp

    m
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. kavos1332

    kavos1332 Active Member

    Joined:
    Dec 17, 2012
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    The problem is that it is exhustivetask to write open_basedir entry for each user. Also an entry should be added each time a new account is created.
     
  4. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,348
    Likes Received:
    60
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    You're right. It is exhausting, especially if you're running PHP 5.2.17 or less. If you're running PHP 5.3+ it's a bit easier since only have to enter two lines in the global PHP.ini.

    M
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. kavos1332

    kavos1332 Active Member

    Joined:
    Dec 17, 2012
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I am running 5.3.19. What do you write to, as well as adding restrictions, don't hurt file uploads?
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice