Removed open_basedir patch from EasyApache 4 systems

Nirjonadda

Well-Known Member
May 8, 2013
736
27
78
cPanel Access Level
Root Administrator
cPanel Removed open_basedir patch from EasyApache 4 systems from version 76, So now what is Requirements for this Security?

The open_basedir tweak limits the user's ability to browse the file system with PHP. It prevents PHP's access to the user's home directory, the /tmp directory, and some necessary PHP system directories. This helps to protect your system from unauthorized access through PHP.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,266
313
Houston
Hello,


Please see the release notes here:
76 Release Notes - Version 76 Documentation - cPanel Documentation

Removed open_basedir patch from EasyApache 4 systems
WHM's PHP open_basedir Tweak interface (WHM >> Home >> Security Center >> PHP open_basedir Tweak) now only appears on systems that run EasyApache 3. This interface did not update the settings on systems that run EasyApache 4.

This really doesn't change much for EasyApache 4 systems, it just removes a duplicated UI. You can still employ open_basedir restrictions my modifying the PHP.ini for each php version by going to WHM>>Software>>MultiPHP INI Editor.

Code:
; open_basedir, if set, limits all file operations to the defined directory
; and below.  This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file.
; http://php.net/open-basedir
;open_basedir =
Thanks!
 

Nirjonadda

Well-Known Member
May 8, 2013
736
27
78
cPanel Access Level
Root Administrator
You can still employ open_basedir restrictions my modifying the PHP.ini for each php version by going to WHM>>Software>>MultiPHP INI Editor.
So need uncomment the line? Do not need add any thing after open_basedir = ?

Example:

Code:
; open_basedir, if set, limits all file operations to the defined directory
; and below.  This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file.
; http://php.net/open-basedir
open_basedir =
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,266
313
Houston
HI @Nirjonadda


If the line at the bottom of the section with
Code:
open_basedir =
is commented out then yes you would uncomment

For information on what should be included in the string, I would suggest reading the php documentation which it explains it's use
PHP: Description of core php.ini directives - Manual