Page tree
Skip to end of metadata
Go to start of metadata

This document is for a previous release of cPanel & WHM. To view our latest documentation, visit our Home page.

For cPanel & WHM 11.46

(Home >> Security Center >> PHP open_basedir Tweak)

Overview

The open_basedir tweak limits users' ability to browse the file system with PHP. It prevents PHP's access to the user's home directory, /tmp, and some necessary PHP system directories. This protects foreign files from PHP access.

Note:

This security tweak modifies the Apache configuration file, regardless of the PHP handler that you have selected.

  • Apache configuration file directives for PHP only take effect if you select the DSO handler. 
  • If you have configured PHP to run as a CGI, suPHP, or FastCGI process, you must manually specify the open_basedir directive in the appropriate php.ini file. Users must each have their own php.ini files when they use a PHP handler that is not DSO. 

 

Enable the open_basedir tweak

To enable the open_basedir tweak, perform the following steps:

  1. Select the Enable php open_basedir Protection checkbox.
  2. Select the domains that you wish to exclude, and disable protection for their files.
  3. Click Save.

open_basedir directives

When you enable the open_basedir tweak, the system adds PHP admin directives to each Virtual Host in the httpd.conf file.

These directives limit users' PHP access to the following directories:

/usr/lib/php
/usr/local/lib/php
/tmp

 

If PHP 4 is compiled into Apache, users can also access the following directories: 

/usr/php4/lib/php 
/usr/local/php4/lib/php

Related documentation