Widening open_basedir

Post Reply
User avatar
myVesta
Site Admin
Posts: 937
Joined: Fri Jun 19, 2020 9:59 am
Has thanked: 8 times
Been thanked: 6 times

open_basedir is a restriction to prevent a website from accessing any paths on the server that are not authorized, such as the paths to other domains on shared web servers, or to access the hosting software.
The open_basedir function defines the locations or paths from which PHP is allowed to access files using functions like fopen(), fwrite(), file_get_contents(), file_put_contents().
If a file path is outside the paths defined by open_basedir, PHP will refuse to open it - keeping your server safe from unauthorized access.
For example, a site can be hacked and infected with malware that wants to hack your whole server - open_basedir will prevent it - allowing a hacker to infect only that site - not the entire server.

However, sometimes your PHP scripts need to access the files outside your site's public_html folder.
In that case, you need to expand the open_basedir restriction of your site.

For example, let's say you want to put wide open_basedir for example.com domain.

First, check what PHP version you run on the example.com domain.

In your SSH run:

Code: Select all

sudo /usr/local/vesta/bin/v-get-php-version-of-domain example.com
The output will be, for example:

Code: Select all

8.0
We see here it's PHP 8.0

Now in your SSH, as root account, edit it's fpm conf file:

Code: Select all

sudo mcedit /etc/php/8.0/fpm/pool.d/example.com.conf
Here, in this file path example, you will see 8.0 as the php version and example.com as a domain.



Now let's go to edit this conf file.
Now you will see this line:

Screenshot_120.png
Screenshot_120.png (59.88 KiB)

That is a line:

Code: Select all

php_admin_value[open_basedir] = /home/admin/web/example.com/public_html:/home/admin/tmp:etc...
For us it's important the first part of the value:

Code: Select all

php_admin_value[open_basedir] = /home/admin/web/example.com/public_html: ...
Change it to a wider path, for example:

Code: Select all

php_admin_value[open_basedir] = /home/admin/web/example.com: ...
or

Code: Select all

php_admin_value[open_basedir] = /home/admin/web: ...
or even

Code: Select all

php_admin_value[open_basedir] = /home/admin: ...
(do not delete the rest of the line, just cut the first path)

Press F2 on your keyboard and confirm saving:
Screenshot_121.png
Screenshot_121.png (66.85 KiB)

Press ESC twice on your keyboard to exit the editor.


In the end, restart your PHP-FPM by running:

Code: Select all

sudo systemctl restart php8.0-fpm
(NOTE: it may be some other PHP version, depending on what PHP version your domain is using)

Screenshot_122.png
Screenshot_122.png (12.97 KiB)
Radi
Posts: 7
Joined: Fri Nov 26, 2021 2:33 pm

What is the default open_basedir configuration out of the box?
Post Reply