The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Open_basedir question

Discussion in 'General Discussion' started by encryption, Jul 10, 2007.

  1. encryption

    encryption Well-Known Member

    Joined:
    Jun 24, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    A new client of mine has 10 sites that he's registering with me and a majority of them aren't working because open_basedir protection is in effect. Other than disabling the setting on a per domain basis, is there an easier / more secure workaround ?
     
  2. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Do you know the exact error they are having?.
     
  3. encryption

    encryption Well-Known Member

    Joined:
    Jun 24, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Warning: chdir() [function.chdir]: open_basedir restriction in effect. File(/home/SITE1/public_html/forums) is not within the allowed path(s): (/home/SITE2/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/SITE2/public_html/index.php on line 2

    Warning: require_once() [function.require-once]: open_basedir restriction in effect. File(/home/SITE1/public_html/forums/vBExternal.php) is not within the allowed path(s): (/home/SITE2/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/SITE2/public_html/index.php on line 3

    Warning: require_once(/home/SITE1/public_html/forums/vBExternal.php) [function.require-once]: failed to open stream: Operation not permitted in /home/SITE2/public_html/index.php on line 3

    Fatal error: require_once() [function.require]: Failed opening required '/home/SITE1/public_html/forums/vBExternal.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/SITE2/public_html/index.php on line 3
     
  4. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    You should be able to disable open_basedir protection on a single directory (and everything under it), so that might help (.htaccess or php.ini if running under phpsuexec).

    The best protection though is to run something like phpsuxec or suphp.
     
  5. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    The error messages show that the client is trying to cross site script ....

    They should not be doing that!

    You could expand the openbasedir path to include all of that client's
    accounts but that is a band aid and the client really needs to stop
    with the cross site scripting ---- very bad idea.

    (Cross site scripting means to have a script on one site directly
    accessing files on another hosting account on that server machine)
     
  6. encryption

    encryption Well-Known Member

    Joined:
    Jun 24, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Well that was a specific request from the client i.e. being able to access data across different sites. I tried enabling phpsuexec and white pages appear on the forum. I presume that is a permissions error ?
     
  7. pross

    pross Well-Known Member

    Joined:
    Mar 14, 2005
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    one way you could do it:

    still using openbasedir and phpsuexec too....

    have your client use just ONE account on your server then tell him to use addon domains....simple...

    site one would be:
    /home/user/www/site1/www/
    site2
    /home/user/www/site2/www/

    etc etc

    and because they are all owned by the same user you can include files from each site...
     
  8. encryption

    encryption Well-Known Member

    Joined:
    Jun 24, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Tried that, but he insisted each domain be setup as an independent account instead of an "add on" domain. So I had to create multiple domains and enable open_basedir just for those domains.

    So what permissions would I need to fix in order to get rid of the white pages after php suexec is enabled.
     
  9. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    The client is an idiot in that case! :D

    Personally I would tell him if wants to cross site script across domains
    then he need to put the domains as add-on domains ... final!

    You could expand the open_basedir path list for those accounts but there
    are many reasons for not allowing cross site scripting and you should not
    compromise server security or complicate your server's management
    on the basis of a client's petty whining .... that's bad business.

    I have no problems putting my foot down with clients and I have been known
    to totally and completely rip clients like that down and get right in their faces
    and you know what, they love me for it!

    Why?

    Because after I tell them what they can't do or shouldn't do, I then follow up
    with showing them how they should actually be doing things and they are
    very often to surprised to find that there are better ways to accomplish
    the same things that they had never thought about before.

    In each and every case, the client learns something new, gains more experience,
    and becomes even more die hard loyal to our company and most end up staying
    with us forever and bring in new referral clients in appreciation.
     
  10. encryption

    encryption Well-Known Member

    Joined:
    Jun 24, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    to each his own, but that still doesn't answer the permissions issue. Any ideas on that ?
     
Loading...

Share This Page