WHM66 and open_basedir issues with session.save_path

Routes

• September 07, 2017 13:07

Hi, in one of the last updates the session.save_path was changed to /var/cpanel/php/sessions/ea-php. Now I realized that my php error log is full of open_basedir errors like PHP Warning: Unknown: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php70) is not within the allowed path(s): I am using MPM Event with php-fpm (non-jailed apache) and my open_basedir was always set to :/usr/lib/php:/usr/local/lib/php:/tmp As this was changed from /tmp I would have to extend my open_basedir with /var/cpanel/php/sessions/ea-php Am I right with this conclusion?? Or change the session.save_path in the /var/cpanel/userdata/ yaml files? What would you recommend as approach? Thanks!

• 

  cPanelMichael

  • September 07, 2017 18:57

  Hello, We actually have an internal case open (EA-5664) to address an issue where enabling PHP open_basedir in EasyApache 4 does not work due to the use of incorrect paths (it still uses the ones associated with EasyApache 3). As a workaround, you'd need to manually update the paths so they reflect the updated session directory and to account for MultiPHP functionality (e.g. /opt/cpanel/ea-php56). Also, note the following quote from our

  0
• 

  Routes

  • September 07, 2017 19:08

  Sorry but this is not exactly what I asked. Of course I know that I have to edit the yaml files on my own if using php-fpm because this is not working with the WHM "button", and this is also what I did. The question is : Should I set the session.save_path back to /tmp or should I leave the session.save_path at the "new" value /var/cpanel/php/sessions.... and extend my open_basedir in the yaml file? I understand it like update the paths in the yaml file to the new paths, right? Manually I have to do it anyway, EasyApache 4 or not, it is even not enough to edit the php.ini file because it does not do anything, you have to edit the yaml files and rebuild the configuration, that's the only way to add open_basedir with php-fpm I found. and can I remove /tmp then from the open_basedir paths or not?

  0
• 

  cPanelMichael

  • September 11, 2017 21:00

  The question is : Should I set the session.save_path back to /tmp or should I leave the session.save_path at the "new" value /var/cpanel/php/sessions.... and extend my open_basedir in the yaml file? I understand it like update the paths in the yaml file to the new paths, right?

  
  I recommend leaving the new PHP session paths enabled, and updating your open_basedir paths to reflect the new directory.

  and can I remove /tmp then from the open_basedir paths or not?

  
  Yes, you can remove the /tmp directory from the allowed paths in this case since PHP sessions are no longer stored there. Thank you.

  0
• 

  Routes

  • September 12, 2017 12:37

  That seems to work, thanks!

  0

Please sign in to leave a comment.