[CPANEL-26292] Set open_basedir and disable_functions to NULL for PECL
Hi cPanel mods, please open case regarding this.
The current content of
/opt/cpanel/ea-phpXX/root/usr/bin/pecl
looks similar to this (varies per PHP version):
As you see we already have safe_mode disabled if enabled, we need this for open_basedir and disable_functions too, otherwise, pecl won't work. I modified the script, as can be seen bellow, I set open_basedir and disable_functions to NULL and my pecl works again. I believe this should be default as there are many people who define those two variables on their servers in order to protect their server
I spent some time figuring out why pecl is not working and it was because of my strict open_basedir and disable_functions values. This needs to be implemented ASAP. Thank you
#!/bin/sh
exec /opt/cpanel/ea-phpXX/root/usr/bin/php -C \
-d include_path=/usr/share/pear \
-d date.timezone=UTC \
-d output_buffering=1 \
-d variables_order=EGPCS \
-d safe_mode=0 \
-d register_argc_argv="On" \
/opt/cpanel/ea-phpXX/root/usr/share/pear/peclcmd.php "$@"
As you see we already have safe_mode disabled if enabled, we need this for open_basedir and disable_functions too, otherwise, pecl won't work. I modified the script, as can be seen bellow, I set open_basedir and disable_functions to NULL and my pecl works again. I believe this should be default as there are many people who define those two variables on their servers in order to protect their server
#!/bin/sh
exec /opt/cpanel/ea-phpXX/root/usr/bin/php -C \
-d include_path=/usr/share/pear \
-d date.timezone=UTC \
-d output_buffering=1 \
-d variables_order=EGPCS \
-d safe_mode=0 \
-d register_argc_argv="On" \
-d open_basedir=NULL \
-d disable_functions=NULL \
/opt/cpanel/ea-phpXX/root/usr/share/pear/peclcmd.php "$@"
I spent some time figuring out why pecl is not working and it was because of my strict open_basedir and disable_functions values. This needs to be implemented ASAP. Thank you
-
ello @vacancy, this is unrelated to this post. I'm talking here about Module Installer -> PHP Pecl installer or when you manually run pecl for specific PHP version like: /opt/cpanel/ea-phpXX/root/usr/bin/pecl install imagick
If you have defined open_basedir to e.g.:open_basedir = "/home:/tmp:/var/cpanel/php/sessions/ea-php72"
Like many admins do, pecl can't access /opt/cpanel/ea-php72 folder, and I doubt any of the sysadmins are aware to put /opt/cpanel/ea-php72 to allowed paths in basedir. Which will make pecl not work, also if you have defined disable functions popen/proc_open pecl won't also work. That's why setting these to NULL when running pecl is necessary. @cPanelMichael please open case for this. Thanks.0 -
No, I just came here to report the issue. Here is how to reproduce: Open MultiPHP Ini editor for some PHP version in WHM, let's say 7.0 set disable_functions variable to disable_functions = "pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,exec,show_source,system,passthru,shell_exec,proc_open,popen,phpinfo"
Set open_basedir variable toopen_basedir = "/home:/tmp:/var/cpanel/php/sessions/ea-php70"
Now, try installing something via PECL for the version 7.0 You'll see the errors about open_basedir restriction (pecl unable to access /opt/cpanel/ea-php72), and afterward, the problems will arise because of popen disabled. That's why it's required each of the /opt/cpanel/ea-phpXX/root/usr/bin/pecl has these variables set to null so they don't interfere with PECL! I hope i explained this, I can't do it better. A regular user won't know how to troubleshoot this issue, and this will prevent many support requests being opened regarding this.0 -
Hello @lukapaunovic, I've reported this as part of internal case CPANEL-26292. I'll update this thread with more information on the status of this case as it becomes available. Thank you. 0 -
Come one @cPanelMichael fix this already :( It's just two lines to override basdir and disable functions when pecl is running! 0 -
Hello @lukapaunovic, This case is an improvement request so updates to the case status may not occur as quickly as a typical defect report. I'll continue to monitor the case and update this thread with new information as it becomes available. In the meantime, the temporary workaround is to set the open_basedir and disable_functions lines to NULL in the corresponding /opt/cpanel/ea-php$$/root/usr/bin/pecl files: -d disable_functions=NULL \ -d open_basedir=NULL \
Thank you.0
Please sign in to leave a comment.
Comments
7 comments