Set open_basedir directive per user

Discussion in 'General' started by firehost_thomas_z, Feb 22, 2011.

  1. firehost_thomas_z

    firehost_thomas_z New Member

    Hello everyone,

    Is there a way to wrap the lsphp5 process so that open_basedir may be set similar to this php-cgi wrapper that works in conjunction with suexec:
    #!/bin/sh
    HOMEDIR=`grep ":$UID:" /etc/passwd | cut -d: -f6`
    ARGS="-d safe_mode=0 -d open_basedir=/tmp/:$HOMEDIR/httpdocs/"
    exec /usr/bin/php-cgi $ARGS

    This operates the way it should using old school mod_php or mod_fastcgi but we want to use lsapi/lsphp -- that is what makes litespeed so great!

    Regards,
    Thomas Z
  2. mistwang

    mistwang LiteSpeed Staff

    open_basedir works with lsphp, just like with mod_php.
    Just override open_basedir with php_admin_value in the vhost configuration. that's the way cPanel generate the vhost configurations.
  3. tommynsong

    tommynsong New Member

    that would require manually touch every vhost, is there any dynamic approach to secure this?
  4. NiteWave

    NiteWave Administrator

    I think no such dynamic way like php-cgi you showed in first post.

    while in .htaccess, you can put
    php_value open_basedir /home/mydomain/public_html:/tmp
    in lsws + lsphp, but not available in php-cgi way.

    also in lsws php suExec mode, each account can have its own unique php.ini, to set everything include open_basedir.

    I think they are just different approaches.

Share This Page