[solved] open_basedir tweak via cpanel not supported

aww

Well-Known Member
#1
Cpanel's "tweak security" offers a menu option to turn on open_basedir on a per user basis.

Litespeed doesn't seem to obey cpanel (not surprisingly as cpanel is probably writing php.ini in another directory)

How do I enable this manually?
Any issues to consider under LiteSpeed vs apache?

Tweak php open_basedir Security

php open_basedir Protection

Php's open_basedir protection prevents users from opening files outside of their home directory with php.
 
Last edited by a moderator:

mistwang

LiteSpeed Staff
#2
cPanel override "open_basedir" for each virtual host in httpd.conf, it is honored by LiteSpeed, Please check it via a phpinfo page.
 

aww

Well-Known Member
#3
Well you are right, it's in phpinfo

However if I remember correctly under apache+php if you try something as simple as this, it should fail as it's trying to read a path outside the owner's own folder

echo file_get_contents('/proc/loadavg');

lsws+php+open_basedir is allowing it to happen without error
 

aww

Well-Known Member
#6
Ah my apologies then.
I could have sworn it failed under my apache+php which was 4.4.6

Later tonight when traffic is slower I will switch back to apache temporarily just to double check (and see what php version I am actually running under that)

Was I at least right about [thread=1034]the /~username issue[/thread]?
 
Last edited:

aww

Well-Known Member
#9
Please forgive my ignorance, for a php upgrade do we upgrade though your installer? So basically we have to wait until you make a package 4.4.7 ? (not rushing you, just trying to understand the process)
 

mistwang

LiteSpeed Staff
#10
You'd better building your own PHP binary, just follow tutorial in our wiki.
It is the only way to get it up-to-date as early as you can.
Make sure to uninstall eAccelerator before upgrade PHP to another version, then install it again after the upgrade.
 

aww

Well-Known Member
#11
I owe you an apology.

Apparently open_basedir *is* working, it's just that unlike apache, the error is not being thrown to the http output?

I just noticed this in the lsws logs:
[STDERR] PHP Warning: file_get_contents() [<a href='function.file-get-contents'>function.file-get-contents</a>]: open_basedir restriction in effect. File(/proc/loadavg) is not within the allowed path(s): (/home/example/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/example/public_html/phpinfo/index.php on line 5
So it's working just fine.
Just not seeing the error in the browser which threw me.
Is that a php.ini option I might be missing?
 
#12
Sorry to open up this old thread, however we've just installed Litespeed Enterprise alongside cPanel.

We have the so called 'open_basedir tweak' turned on, and in the /etc/httpd/etc/httpd.conf file under the test virtual host, the following line appears:

Code:
<IfModule concurrent_php.c>
        php4_admin_value open_basedir "/home/thamesbu/:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/$
        php5_admin_value open_basedir "/home/thamesbu/:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule !concurrent_php.c>
        <IfModule mod_php4.c>
            php_admin_value open_basedir "/home/thamesbu/:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/ph$
        </IfModule>
        <IfModule mod_php5.c>
            php_admin_value open_basedir "/home/thamesbu/:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>
        <IfModule sapi_apache2.c>
            php_admin_value open_basedir "/home/thamesbu/:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/ph$
        </IfModule>
    </IfModule>
When we look in our phpinfo however, it shows:

PHP:
open_basedir	no value      no value
Could you advise the cause of this and how to resolve?

Thanks

David
 
Top