blog.alphagnu.com - Tutorial made Easy

blog.alphagnu.com - The blog is all about tutorials on Linux server, web control panels and also some of popular CMS like WordPress, Joomla, Magento tutorials.

Centos Control Panel CWP

How to Enable open_basedir with suPHP globally and for Per User Basis on CWP – Centos WebPanel

By Sandeep B.

In this tutorial we’ll enable open_basedir restriction globally for all user accounts or for each user accounts on your CWP server. It will increase your server security by limiting the access. CWP uses suPHP by default hence open_basedir can’t be enabled via apache vhost or .htaccess file with this options : php_admin_value open_basedir

open_basedir limits all I/O operations in userspace PHP to a certain configurable subset of the filesystem, in particular to a number of directories and their sub-directories,

it is mainly used to avoid modifications to the filesystem (part of) and other user accounts. It can also be used to mitigate the effect of vulnerable PHP scripts on the filesystems/server.

Lets Get Started, it is easy tutorial yet security benefit when combine with CWP suPHP :-

To enable Globally for all CWP user accounts

touch /usr/local/php/php.d/openbasedir.ini
echo "open_basedir = /home:/tmp:/var/tmp:/usr/local/lib/php/" > /usr/local/php/php.d/openbasedir.ini
service httpd restart

TO enable per user basis follow this guide :

## Create php.ini :
/home/username/public_html/php.ini
## or open the exisiting php.ini and add this line :
open_basedir = /home/username:/tmp:/var/tmp:/usr/local/lib/php/

## then restart apache service :
service httpd restart

**Replace the username with the actual user name listed in “List account”

You can also do it by yourself by creating a file: /usr/local/php/php.d/open_basedir.ini with the following content:

open_basedir = /home:/tmp:/var/tmp:/usr/local/lib/php/

To enable it for other php versions from the PHP selector you can create this config files with the same content:

/opt/alt/php44/usr/php/php.d/open_basedir.ini
/opt/alt/php52/usr/php/php.d/open_basedir.ini
/opt/alt/php53/usr/php/php.d/open_basedir.ini
/opt/alt/php54/usr/php/php.d/open_basedir.ini
/opt/alt/php55/usr/php/php.d/open_basedir.ini
/opt/alt/php56/usr/php/php.d/open_basedir.ini
/opt/alt/php70/usr/php/php.d/open_basedir.ini
/opt/alt/php71/usr/php/php.d/open_basedir.ini
/opt/alt/php72/usr/php/php.d/open_basedir.ini
/opt/alt/php7/usr/php/php.d/open_basedir.ini

Done you’ve just enabled open_basedir config for CWP suphp

By Sandeep B.

I'm a system admin and php developer and currently working as System Admin In CWP Control panel, expertise in Linux and Windows administration RHEL certified admin.

Related Post

Centos Control Panel CWP

Install mod_evasive in CWP Apache and prevent from DDOS attacks

Sandeep B.
aapanel Centos Control Panel CWP Hestia CP Linux Ubuntu

How to copy all Immutable files attribute from one server to another server

Sandeep B.
aapanel Centos Control Panel CWP Hestia CP Linux Ubuntu

How to check SMTP port 25 is open for email sending out

Sandeep B.