How to Enable open_basedir with suPHP globally and for Per User Basis on CWP – Centos WebPanel
In this tutorial we’ll enable open_basedir restriction globally for all user accounts or for each user accounts on your CWP server. It will increase your server security by limiting the access. CWP uses suPHP by default hence open_basedir can’t be enabled via apache vhost or .htaccess file with this options : php_admin_value open_basedir
open_basedir
limits all I/O operations in userspace PHP to a certain configurable subset of the filesystem, in particular to a number of directories and their sub-directories,
it is mainly used to avoid modifications to the filesystem (part of) and other user accounts. It can also be used to mitigate the effect of vulnerable PHP scripts on the filesystems/server.
Lets Get Started, it is easy tutorial yet security benefit when combine with CWP suPHP :-
To enable Globally for all CWP user accounts
touch /usr/local/php/php.d/openbasedir.ini echo "open_basedir = /home:/tmp:/var/tmp:/usr/local/lib/php/" > /usr/local/php/php.d/openbasedir.ini service httpd restart
TO enable per user basis follow this guide :
## Create php.ini : /home/username/public_html/php.ini ## or open the exisiting php.ini and add this line : open_basedir = /home/username:/tmp:/var/tmp:/usr/local/lib/php/ ## then restart apache service : service httpd restart
**Replace the username with the actual user name listed in “List account”
You can also do it by yourself by creating a file: /usr/local/php/php.d/open_basedir.ini with the following content:
open_basedir = /home:/tmp:/var/tmp:/usr/local/lib/php/
To enable it for other php versions from the PHP selector you can create this config files with the same content:
/opt/alt/php44/usr/php/php.d/open_basedir.ini /opt/alt/php52/usr/php/php.d/open_basedir.ini /opt/alt/php53/usr/php/php.d/open_basedir.ini /opt/alt/php54/usr/php/php.d/open_basedir.ini /opt/alt/php55/usr/php/php.d/open_basedir.ini /opt/alt/php56/usr/php/php.d/open_basedir.ini /opt/alt/php70/usr/php/php.d/open_basedir.ini /opt/alt/php71/usr/php/php.d/open_basedir.ini /opt/alt/php72/usr/php/php.d/open_basedir.ini /opt/alt/php7/usr/php/php.d/open_basedir.ini
Done you’ve just enabled open_basedir config for CWP suphp