Apr 16th, 2011
Cpanel PHP open_basedir Tweak
Cpanel PHP open_basedir Tweak
open_basedir: A feature that uses PHP to prevent users from opening files outside their home directories. This can be enabled using WHM’s PHP open_basedir Tweak feature.
This parameter allows you to limit file operations to a specific directory. Attackers will often attempt to find ways to include local files in PHP scripts to gain information about your server’s filesystem.
The open_basedir tweak prevents users from browsing the file system using PHP. It does this by limiting PHP’s access to the user’s home directory, /tmp, and a few necessary PHP system directories. If you wish to use the open_basedir tweak with a PHP handler other than DSO, you will need to manually specify the open_basedir directive in each user’s php.ini file.
To prevent accounts from accessing foreign files using PHP:
#Click the Enable php open_basedir Protection checkbox at the top of the list.
#Select domains you wish to exclude, disabling protection for their files.
#Click Save.
