MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: mehawk on 2018-01-16, 10:00:37
-
Hello Guys,
I need to disable open_basedir for one client preferably 1 domain or subdomain.
Reason:
I am trying to install a script which is giving following error:
open basedirError. open_basedir has value. Please clear value for open_basedir from php.ini
Here is the report of sh /script/sysinfo -y
A. Control Panel:
- Kloxo-MR: 7.0.0.c-2017060801
- Web: hiawatha-10.6.0-f.1.mr.el6.i686
- PHP: php56s-5.6.30-2.ius.centos6 (fpm mode)
B. Plateform:
- OS: CentOS release 6.9 (Final) i686
- Hostname: server1.xplore.pk
C. Services:
1. MySQL: MariaDB-server-10.0.31-1.el6.i686
2. PHP:
- Installed:
- Branch: php54-cli-5.4.45-1.ius.el6.i686
- Multiple:
* php54m-5.4.45-1.ius.el6
* php55m-5.5.38-1.ius.el6
* php56m-5.6.30-2.ius.centos6
- Used: php56m-fpm
- Multiple: disable
3. Web Used: apache
- Hiawatha: hiawatha-10.6.0-f.1.mr.el6.i686
- Lighttpd: lighttpd-1.4.45-1.el6.i686
- Nginx: nginx-1.13.1-1.el6.ngx.i386
- Apache: httpd24u-2.4.25-4.ius.centos6.i686
- PHP Type: php-fpm_event
- Secondary PHP: off
4. WebCache: none
- ATS: --uninstalled--
- Squid: --uninstalled--
- Varnish: --uninstalled--
5. Dns: nsd
- Bind: bind-9.9.9-1.mr.el6.i686
- DJBDns: djbdns-1.05-17.4.mr.el6.i386
- NSD: nsd-4.1.16-1.el6.i686
- PowerDNS: pdns-4.0.3-1.el6.MIND.i686
- Yadifa: yadifa-2.2.3-1.mr.el6.i686
6. Mail: qmail-toaster-1.03-1.3.56.mr.el6.i686
- pop3/imap4: courier-imap-toaster-4.1.2-1.3.20.mr.el6.i686
- smtp: qmail-toaster-1.03-1.3.56.mr.el6.i686
- spam: bogofilter-1.2.4-1.el6.i686
7. FTP: pure-ftpd
- pure-ftpd: pure-ftpd-1.0.37-1.mr.el6.i386
8. Stats: awstats
- awstats: kloxomr-stats-awstats-7.6-1.mr.noarch
D. Memory:
total used free shared buffers cached
Mem: 3072 2177 894 84 0 1398
-/+ buffers/cache: 779 2292
Swap: 3072 168 2903
E. Disk Space:
Filesystem Size Used Avail Use% Mounted on
/dev/ploop17353p1 119G 31G 83G 27% /
*** Process Time: 00:00:02:55.175710 (dd:hh:mm:ss:xxxxxx) ***
* Note: run 'sh /script/sysinfo -y' if you want run 'fix-service-list' also
(importance after Kloxo-MR update)
-
[Update]
I successfully disabled the open_basedir for specific user. I will post the method here in few hours since many Kloxo MR users are looking to do this.
-
A few hours?
-
Please check
https://forum.mratwork.com/kloxo-mr-technical-helps/how-to-disable-open_basedir/
-
A few hours?
Sorry I forgot to write the method. I am writing it now
-
Please check
https://forum.mratwork.com/kloxo-mr-technical-helps/how-to-disable-open_basedir/
Actually that thread is not clear for a new user thats why i am writing the method.
-
Hello,
First of all you must know the risk. Disabling open_basedir is highly discouraged because its implement to stop scripts from accessing directories out side execution location. In simple words it makes your server highly vulnerable.
This post is made to disable for a client / user when server is using php-fpm:
Go to /opt/configs/php-fpm/tpl
Copy the contents of " php53-fpm-pool.conf.tpl ".
Create a new file with the name of " custom.php53-fpm-pool.conf.tpl ".
Paste the contents of " php53-fpm-pool.conf.tpl " in " custom.php53-fpm-pool.conf.tpl " and save the file.
Now we have created custom template of php53-fpm we need to modify custom.php53-fpm53-fpm-pool.conf.tpl.
Open in edit mode "custom.php53-fpm53-fpm-pool.conf.tpl".
Find following code:
if ($user === 'apache') {
// MR -- for future purpose, apache user have uid 50000
$fpmport = 50000;
$openbasedir = "/home/:/tmp/:/usr/share/pear/:/var/lib/php/session/";
} else {
$userinfo = posix_getpwnam($user);
$fpmport = (50000 + $userinfo['uid']);
$openbasedir = "/home/$user/:/tmp/:/usr/share/pear/:/var/lib/php/session/:".
"/home/kloxo/httpd/script/:/home/kloxo/httpd/disable/:{$extrabasedir}";
}
Replace above mentioned code with:
if ($user === 'apache') {
// MR -- for future purpose, apache user have uid 50000
$fpmport = 50000;
$openbasedir = "/home/:/tmp/:/usr/share/pear/:/var/lib/php/session/";
} else {
$userinfo = posix_getpwnam($user);
$fpmport = (50000 + $userinfo['uid']);
if ($user === 'username_which_wants_basedir_disabled'){ $openbasedir = "none"; }
else{
$openbasedir = "/home/$user/:/tmp/:/usr/share/pear/:/var/lib/php/session/:".
"/home/kloxo/httpd/script/:/home/kloxo/httpd/disable/:{$extrabasedir}";}
}
you will replace "username_which_wants_basedir_disabled" with the username for which open_basedir is being disabled.
Now in SSH console run following commands:
sh /script/fixphp
sh /script/restart-web -y'
Now you can check phpini of that user base dir will be disabled.
Best Regards,
Mehroz Anjum