Widening open_basedir
Posted: Mon Jan 30, 2023 1:07 pm
open_basedir is a restriction to prevent a website from accessing any paths on the server that are not authorized, such as the paths to other domains on shared web servers, or to access the hosting software.
The open_basedir function defines the locations or paths from which PHP is allowed to access files using functions like fopen(), fwrite(), file_get_contents(), file_put_contents().
If a file path is outside the paths defined by open_basedir, PHP will refuse to open it - keeping your server safe from unauthorized access.
For example, a site can be hacked and infected with malware that wants to hack your whole server - open_basedir will prevent it - allowing a hacker to infect only that site - not the entire server.
However, sometimes your PHP scripts need to access the files outside your site's public_html folder.
In that case, you need to expand the open_basedir restriction of your site.
For example, let's say you want to put wide open_basedir for example.com domain.
In your SSH run:
Now let's go to edit this conf file.
You will see this line:
That is a line:
For us it's important the first part of the value:
Change it to a wider path, for example:
or
or even
(do not delete the rest of the line, just cut the first path)
Press F2 on your keyboard and confirm saving:
Press ESC twice on your keyboard to exit the editor.
PHP-FPM will automatically reload our changes.
The open_basedir function defines the locations or paths from which PHP is allowed to access files using functions like fopen(), fwrite(), file_get_contents(), file_put_contents().
If a file path is outside the paths defined by open_basedir, PHP will refuse to open it - keeping your server safe from unauthorized access.
For example, a site can be hacked and infected with malware that wants to hack your whole server - open_basedir will prevent it - allowing a hacker to infect only that site - not the entire server.
However, sometimes your PHP scripts need to access the files outside your site's public_html folder.
In that case, you need to expand the open_basedir restriction of your site.
For example, let's say you want to put wide open_basedir for example.com domain.
In your SSH run:
Code: Select all
sudo /usr/local/vesta/bin/v-edit-domain-php-ini example.comYou will see this line:
- Screenshot_120.png (59.88 KiB)
That is a line:
Code: Select all
php_admin_value[open_basedir] = /home/admin/web/example.com/public_html:/home/admin/tmp:etc...Code: Select all
php_admin_value[open_basedir] = /home/admin/web/example.com/public_html: ...Code: Select all
php_admin_value[open_basedir] = /home/admin/web/example.com: ...Code: Select all
php_admin_value[open_basedir] = /home/admin/web: ...Code: Select all
php_admin_value[open_basedir] = /home/admin: ...Press F2 on your keyboard and confirm saving:
- Screenshot_121.png (66.85 KiB)
Press ESC twice on your keyboard to exit the editor.
PHP-FPM will automatically reload our changes.