Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Include Page
_Version
_Version

(Home >> Security Center >> PHP open_basedir Tweak)

Table of Contents
stylenone

Overview

The open_basedir tweak limits the user's ability to browse the file system with PHP. It prevents PHP's access to the user's home directory, the /tmp directory, and some necessary PHP system directories. This helps to protect your system from unauthorized access through PHP.

Note
titleNote:

This security tweak modifies the Apache configuration file, regardless of the PHP handler that you select.

  • Apache only uses configuration file PHP directives if you select the DSO handler.

  • If you configure PHP to run as a CGI, suPHP, or FastCGI process, you must manually specify the open_basedir directive in the appropriate php.ini file. Each user requires their own php.ini files when you select a PHP handler that is not DSO. 

Enable the open_basedir tweak

To enable the open_basedir tweak, perform the following steps:

  1. Select the Enable php open_basedir Protection checkbox.
  2. Select the checkboxes that correspond to the domains that you wish to exclude.
  3. Click Save.

open_basedir directives

When you enable the open_basedir tweak, the system adds PHP directives to each Virtual Host in the httpd.conf file.

These directives limit users' PHP access to the following directories:

Code Block
languagebash
linenumberstrue
/usr/lib/php
/usr/local/lib/php
/tmp 

Additional documentation

Localtab Group
Localtab
activetrue
titleSuggested documentation

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("security","php","apache") and space = currentSpace()

Localtab
titleFor cPanel users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("security","apache","php") and label = "cpanel" and space = currentSpace()

Localtab
titleFor WHM users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("security","apache","php") and label = "whm" and space = currentSpace()

Localtab
titleFor developers

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("security","php","apache") and space = "SDK"