Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2018-12-19, 10:55:01

Author Topic: [Solved] How to disable open_basedir  (Read 2399 times)

0 Members and 1 Guest are viewing this topic.

Offline mehawk

  • Valuable Member
  • *
  • Posts: 54
  • Karma: +0/-0
    • View Profile
    • Xplore Tech
[Solved] How to disable open_basedir
« on: 2018-01-16, 10:00:37 »
Hello Guys,

I need to disable open_basedir for one client preferably 1 domain or subdomain.

Reason:
I am trying to install a script which is giving following error:

Quote
open basedirError. open_basedir has value. Please clear value for open_basedir from php.ini

Here is the report of sh /script/sysinfo -y
Code: [Select]
A. Control Panel:
   - Kloxo-MR: 7.0.0.c-2017060801
   - Web: hiawatha-10.6.0-f.1.mr.el6.i686
   - PHP: php56s-5.6.30-2.ius.centos6 (fpm mode)
B. Plateform:
   - OS: CentOS release 6.9 (Final) i686
   - Hostname: server1.xplore.pk
C. Services:
   1. MySQL: MariaDB-server-10.0.31-1.el6.i686
   2. PHP:
      - Installed:
        - Branch: php54-cli-5.4.45-1.ius.el6.i686
        - Multiple:
          * php54m-5.4.45-1.ius.el6
          * php55m-5.5.38-1.ius.el6
          * php56m-5.6.30-2.ius.centos6
      - Used: php56m-fpm
      - Multiple: disable
   3. Web Used: apache
     - Hiawatha: hiawatha-10.6.0-f.1.mr.el6.i686
     - Lighttpd: lighttpd-1.4.45-1.el6.i686
     - Nginx: nginx-1.13.1-1.el6.ngx.i386
     - Apache: httpd24u-2.4.25-4.ius.centos6.i686
       - PHP Type: php-fpm_event
       - Secondary PHP: off
   4. WebCache: none
     - ATS: --uninstalled--
     - Squid: --uninstalled--
     - Varnish: --uninstalled--
   5. Dns: nsd
     - Bind: bind-9.9.9-1.mr.el6.i686
     - DJBDns: djbdns-1.05-17.4.mr.el6.i386
     - NSD: nsd-4.1.16-1.el6.i686
     - PowerDNS: pdns-4.0.3-1.el6.MIND.i686
     - Yadifa: yadifa-2.2.3-1.mr.el6.i686
   6. Mail: qmail-toaster-1.03-1.3.56.mr.el6.i686
      - pop3/imap4: courier-imap-toaster-4.1.2-1.3.20.mr.el6.i686
      - smtp: qmail-toaster-1.03-1.3.56.mr.el6.i686
      - spam: bogofilter-1.2.4-1.el6.i686
   7. FTP: pure-ftpd
      - pure-ftpd: pure-ftpd-1.0.37-1.mr.el6.i386
   8. Stats: awstats
      - awstats: kloxomr-stats-awstats-7.6-1.mr.noarch
D. Memory:
             total       used       free     shared    buffers     cached
Mem:          3072       2177        894         84          0       1398
-/+ buffers/cache:        779       2292
Swap:         3072        168       2903
E. Disk Space:
Filesystem         Size  Used Avail Use% Mounted on
/dev/ploop17353p1  119G   31G   83G  27% /


*** Process Time: 00:00:02:55.175710 (dd:hh:mm:ss:xxxxxx) ***

* Note: run 'sh /script/sysinfo -y' if you want run 'fix-service-list' also
        (importance after Kloxo-MR update)

« Last Edit: 2018-02-06, 10:59:50 by mehawk »
Website Designing, Development, Kloxo MR Based Hosting : https://www.xploretech.net | https://www.heraldlynx.com
Social Network: https://www.socialbees.me

Offline mehawk

  • Valuable Member
  • *
  • Posts: 54
  • Karma: +0/-0
    • View Profile
    • Xplore Tech
Re: How to disable open_basedir
« Reply #1 on: 2018-01-16, 12:49:07 »
[Update]

I successfully disabled the open_basedir for specific user. I will post the method here in few hours since many Kloxo MR users are looking to do this.
Website Designing, Development, Kloxo MR Based Hosting : https://www.xploretech.net | https://www.heraldlynx.com
Social Network: https://www.socialbees.me

Offline LotsOfQ

  • Master
  • **
  • Posts: 462
  • Karma: +1/-0
    • View Profile
Re: How to disable open_basedir
« Reply #2 on: 2018-01-25, 08:47:52 »
A few hours?

Offline azzureal

  • Senior Member
  • *
  • Posts: 334
  • Karma: +0/-0
    • View Profile

Offline mehawk

  • Valuable Member
  • *
  • Posts: 54
  • Karma: +0/-0
    • View Profile
    • Xplore Tech
Re: How to disable open_basedir
« Reply #4 on: 2018-02-06, 10:27:11 »
A few hours?

Sorry I forgot to write the method. I am writing it now
Website Designing, Development, Kloxo MR Based Hosting : https://www.xploretech.net | https://www.heraldlynx.com
Social Network: https://www.socialbees.me

Offline mehawk

  • Valuable Member
  • *
  • Posts: 54
  • Karma: +0/-0
    • View Profile
    • Xplore Tech
Re: How to disable open_basedir
« Reply #5 on: 2018-02-06, 10:28:19 »
Please check

https://forum.mratwork.com/kloxo-mr-technical-helps/how-to-disable-open_basedir/
Actually that thread is not clear for a new user thats why i am writing the method.
Website Designing, Development, Kloxo MR Based Hosting : https://www.xploretech.net | https://www.heraldlynx.com
Social Network: https://www.socialbees.me

Offline mehawk

  • Valuable Member
  • *
  • Posts: 54
  • Karma: +0/-0
    • View Profile
    • Xplore Tech
Re: How to disable open_basedir
« Reply #6 on: 2018-02-06, 10:58:37 »
Hello,

First of all you must know the risk. Disabling open_basedir is highly discouraged because its implement to stop scripts from accessing directories out side execution location. In simple words it makes your server highly vulnerable.

This post is made to disable for a client / user when server is using php-fpm:

Go to  /opt/configs/php-fpm/tpl

Copy the contents of " php53-fpm-pool.conf.tpl ".

Create a new file with the name of " custom.php53-fpm-pool.conf.tpl ".


Paste the contents of " php53-fpm-pool.conf.tpl " in " custom.php53-fpm-pool.conf.tpl " and save the file.

Now we have created custom template of php53-fpm we need to modify custom.php53-fpm53-fpm-pool.conf.tpl.

Open in edit mode "custom.php53-fpm53-fpm-pool.conf.tpl".

Find following code:

Code: [Select]
if ($user === 'apache') {
// MR -- for future purpose, apache user have uid 50000
$fpmport = 50000;
$openbasedir = "/home/:/tmp/:/usr/share/pear/:/var/lib/php/session/";
} else {
$userinfo = posix_getpwnam($user);
$fpmport = (50000 + $userinfo['uid']);
$openbasedir = "/home/$user/:/tmp/:/usr/share/pear/:/var/lib/php/session/:".
"/home/kloxo/httpd/script/:/home/kloxo/httpd/disable/:{$extrabasedir}";
}

Replace above mentioned code with:
Code: [Select]
if ($user === 'apache') {
// MR -- for future purpose, apache user have uid 50000
$fpmport = 50000;
$openbasedir = "/home/:/tmp/:/usr/share/pear/:/var/lib/php/session/";
} else {
$userinfo = posix_getpwnam($user);
$fpmport = (50000 + $userinfo['uid']);
                if ($user === 'username_which_wants_basedir_disabled'){ $openbasedir = "none"; }
                else{
$openbasedir = "/home/$user/:/tmp/:/usr/share/pear/:/var/lib/php/session/:".
"/home/kloxo/httpd/script/:/home/kloxo/httpd/disable/:{$extrabasedir}";}
}

you will replace "username_which_wants_basedir_disabled" with the username for which open_basedir is being disabled.

Now in SSH console run following commands:

Code: [Select]
sh /script/fixphp
sh /script/restart-web -y'

Now you can check phpini of that user base dir will be disabled.

Best Regards,
Mehroz Anjum
« Last Edit: 2018-02-06, 11:01:49 by mehawk »
Website Designing, Development, Kloxo MR Based Hosting : https://www.xploretech.net | https://www.heraldlynx.com
Social Network: https://www.socialbees.me

 


MRatWork Affiliates:    BIGRAF(R) Inc.    House of LMAR    EFARgrafix

Page created in 0.039 seconds with 23 queries.

web stats analysis