MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: mehawk on 2018-01-16, 10:00:37

Title: [Solved] How to disable open_basedir
Post by: mehawk on 2018-01-16, 10:00:37

Hello Guys,

I need to disable open_basedir for one client preferably 1 domain or subdomain.

Reason:
I am trying to install a script which is giving following error:

Quote

open basedirError. open_basedir has value. Please clear value for open_basedir from php.ini

Here is the report of sh /script/sysinfo -y

Code: [Select]

A. Control Panel:
   - Kloxo-MR: 7.0.0.c-2017060801
   - Web: hiawatha-10.6.0-f.1.mr.el6.i686
   - PHP: php56s-5.6.30-2.ius.centos6 (fpm mode)
B. Plateform:
   - OS: CentOS release 6.9 (Final) i686
   - Hostname: server1.xplore.pk
C. Services:
   1. MySQL: MariaDB-server-10.0.31-1.el6.i686
   2. PHP:
      - Installed:
        - Branch: php54-cli-5.4.45-1.ius.el6.i686
        - Multiple:
          * php54m-5.4.45-1.ius.el6
          * php55m-5.5.38-1.ius.el6
          * php56m-5.6.30-2.ius.centos6
      - Used: php56m-fpm
      - Multiple: disable
   3. Web Used: apache
     - Hiawatha: hiawatha-10.6.0-f.1.mr.el6.i686
     - Lighttpd: lighttpd-1.4.45-1.el6.i686
     - Nginx: nginx-1.13.1-1.el6.ngx.i386
     - Apache: httpd24u-2.4.25-4.ius.centos6.i686
       - PHP Type: php-fpm_event
       - Secondary PHP: off
   4. WebCache: none
     - ATS: --uninstalled--
     - Squid: --uninstalled--
     - Varnish: --uninstalled--
   5. Dns: nsd
     - Bind: bind-9.9.9-1.mr.el6.i686
     - DJBDns: djbdns-1.05-17.4.mr.el6.i386
     - NSD: nsd-4.1.16-1.el6.i686
     - PowerDNS: pdns-4.0.3-1.el6.MIND.i686
     - Yadifa: yadifa-2.2.3-1.mr.el6.i686
   6. Mail: qmail-toaster-1.03-1.3.56.mr.el6.i686
      - pop3/imap4: courier-imap-toaster-4.1.2-1.3.20.mr.el6.i686
      - smtp: qmail-toaster-1.03-1.3.56.mr.el6.i686
      - spam: bogofilter-1.2.4-1.el6.i686
   7. FTP: pure-ftpd
      - pure-ftpd: pure-ftpd-1.0.37-1.mr.el6.i386
   8. Stats: awstats
      - awstats: kloxomr-stats-awstats-7.6-1.mr.noarch
D. Memory:
             total       used       free     shared    buffers     cached
Mem:          3072       2177        894         84          0       1398
-/+ buffers/cache:        779       2292
Swap:         3072        168       2903
E. Disk Space:
Filesystem         Size  Used Avail Use% Mounted on
/dev/ploop17353p1  119G   31G   83G  27% /


*** Process Time: 00:00:02:55.175710 (dd:hh:mm:ss:xxxxxx) ***

* Note: run 'sh /script/sysinfo -y' if you want run 'fix-service-list' also
        (importance after Kloxo-MR update)


Title: Re: How to disable open_basedir
Post by: mehawk on 2018-01-16, 12:49:07

[Update]

I successfully disabled the open_basedir for specific user. I will post the method here in few hours since many Kloxo MR users are looking to do this.

Title: Re: How to disable open_basedir
Post by: LotsOfQ on 2018-01-25, 08:47:52

A few hours?

Title: Re: How to disable open_basedir
Post by: azzureal on 2018-02-03, 03:23:30

Please check

https://forum.mratwork.com/kloxo-mr-technical-helps/how-to-disable-open_basedir/

Title: Re: How to disable open_basedir
Post by: mehawk on 2018-02-06, 10:27:11

Quote from: LotsOfQ on 2018-01-25, 08:47:52

A few hours?

Sorry I forgot to write the method. I am writing it now

Title: Re: How to disable open_basedir
Post by: mehawk on 2018-02-06, 10:28:19

Quote from: azzureal on 2018-02-03, 03:23:30

Please check

https://forum.mratwork.com/kloxo-mr-technical-helps/how-to-disable-open_basedir/

Actually that thread is not clear for a new user thats why i am writing the method.

Title: Re: How to disable open_basedir
Post by: mehawk on 2018-02-06, 10:58:37

Hello,

First of all you must know the risk. Disabling open_basedir is highly discouraged because its implement to stop scripts from accessing directories out side execution location. In simple words it makes your server highly vulnerable.

This post is made to disable for a client / user when server is using php-fpm:

Go to  /opt/configs/php-fpm/tpl

Copy the contents of " php53-fpm-pool.conf.tpl ".

Create a new file with the name of " custom.php53-fpm-pool.conf.tpl ".

Paste the contents of " php53-fpm-pool.conf.tpl " in " custom.php53-fpm-pool.conf.tpl " and save the file.

Now we have created custom template of php53-fpm we need to modify custom.php53-fpm53-fpm-pool.conf.tpl.

Open in edit mode "custom.php53-fpm53-fpm-pool.conf.tpl".

Find following code:

Code: [Select]

if ($user === 'apache') {
// MR -- for future purpose, apache user have uid 50000
$fpmport = 50000;
$openbasedir = "/home/:/tmp/:/usr/share/pear/:/var/lib/php/session/";
} else {
$userinfo = posix_getpwnam($user);
$fpmport = (50000 + $userinfo['uid']);
$openbasedir = "/home/$user/:/tmp/:/usr/share/pear/:/var/lib/php/session/:".
"/home/kloxo/httpd/script/:/home/kloxo/httpd/disable/:{$extrabasedir}";
}
Replace above mentioned code with:

Code: [Select]

if ($user === 'apache') {
// MR -- for future purpose, apache user have uid 50000
$fpmport = 50000;
$openbasedir = "/home/:/tmp/:/usr/share/pear/:/var/lib/php/session/";
} else {
$userinfo = posix_getpwnam($user);
$fpmport = (50000 + $userinfo['uid']);
                if ($user === 'username_which_wants_basedir_disabled'){ $openbasedir = "none"; }
                else{
$openbasedir = "/home/$user/:/tmp/:/usr/share/pear/:/var/lib/php/session/:".
"/home/kloxo/httpd/script/:/home/kloxo/httpd/disable/:{$extrabasedir}";}
}

you will replace "username_which_wants_basedir_disabled" with the username for which open_basedir is being disabled.

Now in SSH console run following commands:

Code: [Select]

sh /script/fixphp
sh /script/restart-web -y'

Now you can check phpini of that user base dir will be disabled.

Best Regards,
Mehroz Anjum