open_basedir blank in lsws but correct in httpd

A

aww

Well-Known Member
#1
#1
Under cpanel they have this set in the httpd.conf template

/var/cpanel/templates/apache2/vhost.default

php_admin_value open_basedir "[% vhost.homedir %] etc.

and it works in apache - under phpinfo it correctly shows the open_basedir restriction

but when lsws is running

open_basedir no value

the php.ini does not have any overrides, it's commented out

any suggestions where I should begin looking for the problem?

it is possible I complied PHP with a missing option to obey the apache env ?

OH - maybe it's this http://www.litespeedtech.com/support/forum/showpost.php?p=27586&postcount=23

what can I do about
Code: 
<IfModule concurrent_php.c>
then?
 
Last edited:
A

aww

Well-Known Member
#2
#2
Yup that was the problem,

why doesn't litespeed obey?

<IfModule !concurrent_php.c>

I had to move the basedir outside of that structure for it to work

I hope cpanel doesn't override that with it's future upgrades.

I guess litespeed cannot qualify any of the conditionals?
Code: 
    <IfModule concurrent_php.c>
        php4_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/ph$
        php5_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule !concurrent_php.c>
        <IfModule mod_php4.c>
            php_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib$
        </IfModule>
        <IfModule mod_php5.c>
            php_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>
        <IfModule sapi_apache2.c>
            php_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib$
        </IfModule>
    </IfModule>
Note that this means suddenly there are a whole bunch of people running litespeed under cpanel who no longer have the open_basedir protection they thought they had working previously. It's a silent fail. I'd call that a big security problem that litespeed might get blamed for.
 
Last edited:
You must log in or register to reply here.
Top