open_basedir issue with file uploads

kavos1332

Active Member
Dec 17, 2012
40
0
6
cPanel Access Level
Root Administrator
Hello

I have added the following directive to php.ini to increase the security level.

Code:
open_basedir = "/home"
Now when upload files through php's move_uploaded_file() it raises a warning saying about open_basedir restriction in /tmp/something..

Please advise the right settings for open_basedir.
 

mtindor

Well-Known Member
Sep 14, 2004
1,452
110
193
inside a catfish
cPanel Access Level
Root Administrator
You do want more than just /home listed in open_basedir. You need /tmp in there too.

open_basedir = /home/<accountname>/public_html:/usr/lib/php:/usr/local/lib/php:/tmp

In your case, you just want to keep everybody within /home [which isn't great, but is better than no restriction at all].

open_basedir = /home:/usr/lib/php:/usr/local/lib/php:/tmp

m
 

kavos1332

Active Member
Dec 17, 2012
40
0
6
cPanel Access Level
Root Administrator
The problem is that it is exhustivetask to write open_basedir entry for each user. Also an entry should be added each time a new account is created.
 

mtindor

Well-Known Member
Sep 14, 2004
1,452
110
193
inside a catfish
cPanel Access Level
Root Administrator
You're right. It is exhausting, especially if you're running PHP 5.2.17 or less. If you're running PHP 5.3+ it's a bit easier since only have to enter two lines in the global PHP.ini.

M