ServerBuddies Support Blog

Cpanel PHP open_basedir Tweak

open_basedir: A feature that uses PHP to prevent users from opening files outside their home directories. This can be enabled using WHM’s PHP open_basedir Tweak feature.

This parameter allows you to limit file operations to a specific directory. Attackers will often attempt to find ways to include local files in PHP scripts to gain information about your server’s filesystem.

The open_basedir tweak prevents users from browsing the file system using PHP. It does this by limiting PHP’s access to the user’s home directory, /tmp, and a few necessary PHP system directories. If you wish to use the open_basedir tweak with a PHP handler other than DSO, you will need to manually specify the open_basedir directive in each user’s php.ini file.

To prevent accounts from accessing foreign files using PHP:

#Click the Enable php open_basedir Protection checkbox at the top of the list.
#Select domains you wish to exclude, disabling protection for their files.
#Click Save.

Tags: cpanel, open_basedir, PHP, Tweak

Trackback URI | Comments RSS