open_basedir with suphp on global php.ini?

morrow95

Well-Known Member
Oct 8, 2006
164
8
168
Just switched from dso to suphp on my server. I want to add back the openbase_dir protection I had previously. Now, I have already performed the following in /opt/suphp/etc/suphp.conf to disable users to have individual php.ini files on their accounts :

Code:
[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/
With that said, is it possible to enable open_base dir in the global php.ini file for all the accounts? From what I am reading I would need to set individual php.ini's on all accounts to enable this which then goes against the fact I am preventing that in the first place.

Any help would be great... using php 5.3 by the way...
 

srpurdy

Well-Known Member
Jun 1, 2011
101
0
66
cPanel Access Level
Root Administrator
You can use php 5.3's path feature like this example. in the global php.ini

Code:
[PATH=/home/username/public_html]
memory_limit=64M
register_globals=Off
allow_url_fopen=Off
post_max_size=20M
upload_max_filesize=20M
session.save_path=/home/username/sessions
upload_tmp_dir=/home/username/uploads
open_basedir=/home/username/public_html:/usr/local/lib/php/:/home/username/php/
You can add as many as you need. :)
 

morrow95

Well-Known Member
Oct 8, 2006
164
8
168
You can use php 5.3's path feature like this example. in the global php.ini

Code:
[PATH=/home/username/public_html]
memory_limit=64M
register_globals=Off
allow_url_fopen=Off
post_max_size=20M
upload_max_filesize=20M
session.save_path=/home/username/sessions
upload_tmp_dir=/home/username/uploads
open_basedir=/home/username/public_html:/usr/local/lib/php/:/home/username/php/
You can add as many as you need. :)
Thanks, but I was looking to just add openbase_dir for all accounts on the server since they are now all using the global .ini... are you saying I need to enter :

Code:
[PATH=/home/username/public_html]
open_basedir=/home/username/public_html:/usr/local/lib/php/:/home/username/php/
for every single account...any every time I add an account? There isn't a way to add a single entry which would take care of all of them?
 

srpurdy

Well-Known Member
Jun 1, 2011
101
0
66
cPanel Access Level
Root Administrator
Well you could always write a script to do this automatically,.

php.ini has an open_basedir that is global, but if you set it to say /home that means user1 can access user2 directories. This isn't secure.
 

morrow95

Well-Known Member
Oct 8, 2006
164
8
168
Well you could always write a script to do this automatically,.

php.ini has an open_basedir that is global, but if you set it to say /home that means user1 can access user2 directories. This isn't secure.
I'm aware of this... perhaps I need to be more clear. I am using suphp so I cannot use the open_base dir settings in WHM... I need to specify them in the php.ini. Now, since I performed the steps mentioned in my earlier post... I am preventing user specific php.ini use and forcing every account to use the global php.ini file. With that said, is there any way to add open_base dir protection in the global php.ini file (say using variables or something) or must I manually add every account into it with the code I listed in my last response?
 

srpurdy

Well-Known Member
Jun 1, 2011
101
0
66
cPanel Access Level
Root Administrator
You'll have to manually do this for each user.

Or like I said you could write a script that would edit the global php.ini and add accounts to it for you. But you need to look at cPanel API I have no real advice on that aspect.