WHM66 and open_basedir issues with session.save_path

Routes

Member
Aug 5, 2016
14
1
3
Austria
cPanel Access Level
Root Administrator
Hi,

in one of the last updates the session.save_path was changed to /var/cpanel/php/sessions/ea-php<version>.
Now I realized that my php error log is full of open_basedir errors like
PHP Warning: Unknown: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php70) is not within the allowed path(s):

I am using MPM Event with php-fpm (non-jailed apache) and my open_basedir was always set to <website-root-dir>:/usr/lib/php:/usr/local/lib/php:/tmp

As this was changed from /tmp I would have to extend my open_basedir with /var/cpanel/php/sessions/ea-php<version>

Am I right with this conclusion??

Or change the session.save_path in the /var/cpanel/userdata/<user> yaml files? What would you recommend as approach?

Thanks!
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello,

We actually have an internal case open (EA-5664) to address an issue where enabling PHP open_basedir in EasyApache 4 does not work due to the use of incorrect paths (it still uses the ones associated with EasyApache 3). As a workaround, you'd need to manually update the paths so they reflect the updated session directory and to account for MultiPHP functionality (e.g. /opt/cpanel/ea-php56).

Also, note the following quote from our PHP open_basedir Tweak document:

  • Apache only uses configuration file PHP directives if you select the DSO handler.

  • If you configure PHP to run as a CGI, suPHP, or FastCGI process, you must manually specify the open_basedir directive in the appropriate php.ini file. Each user requires their own php.ini files when you select a PHP handler that is not DSO.
Thank you.
 
  • Like
Reactions: Rodrigo Gomes

Routes

Member
Aug 5, 2016
14
1
3
Austria
cPanel Access Level
Root Administrator
Sorry but this is not exactly what I asked. Of course I know that I have to edit the yaml files on my own if using php-fpm because this is not working with the WHM "button", and this is also what I did.

The question is : Should I set the session.save_path back to /tmp or should I leave the session.save_path at the "new" value /var/cpanel/php/sessions.... and extend my open_basedir in the yaml file? I understand it like update the paths in the yaml file to the new paths, right?

Manually I have to do it anyway, EasyApache 4 or not, it is even not enough to edit the php.ini file because it does not do anything, you have to edit the yaml files and rebuild the configuration, that's the only way to add open_basedir with php-fpm I found.

and can I remove /tmp then from the open_basedir paths or not?
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
The question is : Should I set the session.save_path back to /tmp or should I leave the session.save_path at the "new" value /var/cpanel/php/sessions.... and extend my open_basedir in the yaml file? I understand it like update the paths in the yaml file to the new paths, right?
I recommend leaving the new PHP session paths enabled, and updating your open_basedir paths to reflect the new directory.

and can I remove /tmp then from the open_basedir paths or not?
Yes, you can remove the /tmp directory from the allowed paths in this case since PHP sessions are no longer stored there.

Thank you.
 
  • Like
Reactions: Rodrigo Gomes