open_basedir problem.

Discussion in 'Installation/Configuration' started by CubAfull, Sep 16, 2008.

  1. CubAfull

    CubAfull New Member

    ok
    Where can I change the value for open_basedir to no value?

    I tried to modify my php.ini, but the changes will not take effect :(

    I need open_basedir to have no value.

    I always get open_basedir /var/www/web5

    I'm using:

    Debian etch, suPHP, ISPConfig 2.2.25.

    I have a script that needs this configuration.

    Please help. :(
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    This value cannot be changed individually. The only thing you can do is to disable PHP for the website and then configure PHP manually by adding directives to the Apache directives field without using the suPHP wrapper script from ISPConfig. Please be aware that it is a security risk to run scripts without the open_basedir restriction.
     
  3. CubAfull

    CubAfull New Member

    Thank you till, I'm the only user on the server..... it is for my own domains.

    Is this the correct script to change this value?
    /home/admispconfig/ispconfig/tools/suphp/usr/bin/php-wrapper

    I need to change this

    Code:
    exec php-cgi -d open_basedir=${BASEDIR} -d upload_tmp_dir=${TMPDIR} -d session.save_path=${SESSDIR} -d safe_mode=${SAFE_MODE}
    to

    Code:
    exec php-cgi -d upload_tmp_dir=${TMPDIR} -d session.save_path=${SESSDIR} -d safe_mode=${SAFE_MODE}

    Is this correct? Or... which is the correct way?
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Yes.

    If you are the only user, then it's fine to change it globally. You should just be aware that if you run sites on the internet and one gets hacked, this might then affect the whole server.
     
  5. CubAfull

    CubAfull New Member

    Oops.... it is really dangerous :(

    One more thing (only to learn):
    in cPanel you can turn open_basedir on or off.....
    Is this a security risk in that case too?


    Thank you till for your prompt response.
     
  6. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Yes. This does not depend on the control panel. If OpenBasedir is off, a PHP script may access the whole server. For example:

    $lines = file('/etc/passwd');
    print_r($lines);

    would output a list of all users that are on the server if openbasedir is not enabled, as the passwd file is world readable.
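
A defensive check for the wrapper edit discussed in this thread, as an added example that is not part of the original posts or of ISPConfig: it statically audits a php-wrapper script and reports whether the active `exec php-cgi` line still passes `-d open_basedir=...`. The function names are hypothetical, the sample wrappers are constructed from the two exec lines quoted above, and it assumes settings are passed in the `-d name=value` form shown there.

```shell
#!/bin/sh
# Added example: static audit of a suPHP php-wrapper for open_basedir.

# Print the first active (not commented out) "exec php-cgi" line.
wrapper_exec_line() {
    grep -E '^[[:space:]]*exec[[:space:]]+php-cgi([[:space:]]|$)' "$1" | head -n 1
}

# Print the value of one "-d name=value" pair on an exec line; status 1 if the
# pair is absent. Assumes the "-d name=value" spelling used in the thread.
directive_value() {   # $1 = exec line, $2 = directive name
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | awk -v want="$2" '
        prev == "-d" && index($0, want "=") == 1 {
            print substr($0, length(want) + 2); found = 1; exit }
        { prev = $0 }
        END { exit !found }'
}

# Status: 0 = wrapper passes a non-empty open_basedir, 1 = missing or empty
# (PHP falls back to php.ini, unrestricted by default), 2 = no exec line.
audit_wrapper() {
    line=$(wrapper_exec_line "$1")
    [ -n "$line" ] || { echo "$1: no active exec php-cgi line"; return 2; }
    if v=$(directive_value "$line" open_basedir) && [ -n "$v" ]; then
        echo "$1: open_basedir=$v"; return 0
    fi
    echo "$1: open_basedir not enforced by the wrapper"; return 1
}

# Constructed samples: the two exec lines quoted in the thread; the second file
# also keeps the old line as a comment, which must not count as active.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/original" <<'EOF'
exec php-cgi -d open_basedir=${BASEDIR} -d upload_tmp_dir=${TMPDIR} -d session.save_path=${SESSDIR} -d safe_mode=${SAFE_MODE}
EOF
    cat > "$dir/modified" <<'EOF'
# exec php-cgi -d open_basedir=${BASEDIR} -d upload_tmp_dir=${TMPDIR}
exec php-cgi -d upload_tmp_dir=${TMPDIR} -d session.save_path=${SESSDIR} -d safe_mode=${SAFE_MODE}
EOF
    a=0; audit_wrapper "$dir/original" || a=$?
    b=0; audit_wrapper "$dir/modified" || b=$?
    rm -rf "$dir"
    echo "original=$a modified=$b"
}

demo
```

Run `audit_wrapper` against the real wrapper path after any control-panel update or manual edit; a status of 1 means the per-site restriction is no longer applied by the wrapper.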
     
  7. CubAfull

    CubAfull New Member

    :eek: Thanks till... this really helped me a lot, no more questions.

    Thanks for your time and work.
     