open_basedir - not working for addon domains.

likudio

• January 11, 2015 15:46

Hi, As I understand, open_basedir's purpose is to limit a PHP file access to other resources, other than it's DocumentRoot. Fine until here. Let's say I have cPanel account, "www.somesite.com" which has path /home/somesite/(public_html/), as a main domain. And in my account, I want to add an Addon Domain, "www.othersite.com", which will point to: /home/somesite/www_othersite as DocumentRoot. As I enable open_basedir, I expect that for each of my Addon Domain, its access to be limited to DocumentRoot ( /home/somesite/www_othersite in our situation), NOT to users root folder (/home/somesite/); I find this issue as being a bug; is there any known work around or should I report it somewhere using a ticket, so it can be fixed? Regards, A.

• 

  secureconfig

  • January 12, 2015 04:54

  Hello , do you actived open_basedir correctly ? please run this command and paste output : # cat /usr/local/lib/php.ini | grep open_basedir Good Luck.

  0
• 

  likudio

  • January 12, 2015 12:30

  Hi secureconfig, Your question doesn't make any sense, as according to cPanel documentation, open_basedir setting does not get activated from php.ini, but from /usr/local/apache/conf/httpd.conf, where the VirtualHosts are generated, and they look like this: php4_admin_value open_basedir "path_to_users_dir:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp" php5_admin_value open_basedir "/home/path_to_users_dir:/usr/lib/php:/usr/local/lib/php:/tmp" The thing is... it should be path_to_document_root, not to users_dir if you get what I'm saying :) I'll report a ticket with this issue. Thanks anyway.

  0
• 

  cPanelMichael

  • January 12, 2015 18:27

  Hello :) Could you let us know the ticket number so we can update this thread with the outcome? Thank you.

  0
• 

  likudio

  • January 12, 2015 18:34

  Hi Michael, Ticket ID is 5955853 and still under investigation; Hope it will get fixed ASAP. Regards, A.

  0
• 

  likudio

  • January 12, 2015 21:06

  After talking with a cPanel representative... they don't see this as a bug. They think that this can this can be a feature... so I have to make a "feature request"; But... can somebody tell me, what is the purpose of open_basedir in cPanel option? I mean, what's the point of using open_basedir to the users folder, and not to the domain root? I still don't get it...

  0
• 

  cPanelMichael

  • January 13, 2015 18:30

  Per our documentation: The open_basedir tweak limits users' ability to browse the file system with PHP. It prevents PHP's access to the user's home directory, /tmp, and some necessary PHP system directories. This protects foreign files from PHP access.
  Additional documentation on this option is available at: PHP open_basedir Tweak Feel free to post the link to the feature request here so we can review it after the submission. Thank you.

  0
• 

  likudio

  • January 16, 2015 16:54

  Just to update the topic... I managed to implement a solution which will solve this problem. See this topic:

  0

Please sign in to leave a comment.