open_basedir restriction in effect

[sahostking]

How do I completely disable open_basedir restriction in effect

GEtting this for customers we transferred from cpanel that used sitepad.

We installed sitepad on new server aswell but same issue.

What are we missing? I thought if one uses CageFS or BubbleWrap this openbasedir is not required anymore?

How to disable pls.

 

[Richard G]

Disabling open_basedir in full? Well.... if you have CageFS or BubbleWrap and thats safe enough......

You can disable that via the admin panel under the extra features in admin panel.
I don't know exactly how it looks in Evo, but this is the commandline:
https://yourdomain.com:2222/CMD_PHP_SAFE_MODE

You can disable open_basedir there for new domains, and also select all existing domains and switch to off.

It's on by default on new installations, so since you know that now, on other new installations you can disable it before adding domains.

 

[sahostking]

Thanks

We use BubbleWrap on most servers and cloudlinux on a few others.

So you say if we disable it and we have either of the above we are safe?

 

[Richard G]

So you say if we disable it and we have either of the above we are safe?

No I don't. I say that if you think that either CageFS or Bubbelwrap is safe enough. I don't say that and don't confirm that.
I don't know myself, I never used either. Since I wonder myself if it's safe enough, I put the multple dots behind my statement.

Maybe somebody else can confirm the safety (or not).

 

[sahostking]

On cPanel we disabled open_basedir as Litespeed recommended it and we used CageFS for many years with no issues. So I assume its safe.
But just not sure about DirectAdmin.

Its just openbasedir is a pain and causes some weird errors in logs constantly. Even with new software like SitePad it gave initial issues where SitePad Admin had to to help us solve that issue.

 

[Ohm J]

This for best safe choice.
If it me, I will find ways to solve error about open_basedir and custom httpd or php-fpm to add more path to open_basedir


idk how sitepad work with file directory,

Example: I custom php-fpm.conf to add extra tmp folder ( this will apply to new domains)

"CUSTOM1 Section"

|?OPEN_BASEDIR_PATH=`OPEN_BASEDIR_PATH`:/tmp2/|

this will add /tmp2 to open_basedir

Even you use CaseFS and BubbleWrap, but you want to makesure it secure. ( so you not need to worry about security )
this will more secure than completely disable open_basedir.

 

[sahostking]

Litespeed
https://docs.litespeedtech.com/cp/cpanel/high-load/ seems to recommend it to be off.

 

[sparek]

This for best safe choice.
If it me, I will find ways to solve error about open_basedir and custom httpd or php-fpm to add more path to open_basedir

This. I would want to know what file PHP is trying to access that is outside of the confines of open_basedir and then determine if that path is really needed by the account.

Not sure what path Sitepad is needing that isn't included in your open_basedir.

I know we've had clients write into us saying that they need open_basedir disabled because their script is complaining about it. When we ask what file the script is trying to access... all we get back is crickets chirping.

The point is, disabling anything that's security related usually isn't the best solution. You have to be willing to dive a little deeper and understand why it's causing an issue first. Then if you determine that disabling the security measure is best at least you have a better understanding.