Hello,
First of all you must know the risk. Disabling open_basedir is highly discouraged because its implement to stop scripts from accessing directories out side execution location. In simple words it makes your server highly vulnerable.
This post is made to disable for a client / user when server is using php-fpm:
Go to /opt/configs/php-fpm/tpl
Copy the contents of " php53-fpm-pool.conf.tpl ".
Create a new file with the name of " custom.php53-fpm-pool.conf.tpl ".
Paste the contents of " php53-fpm-pool.conf.tpl " in " custom.php53-fpm-pool.conf.tpl " and save the file.
Now we have created custom template of php53-fpm we need to modify custom.php53-fpm53-fpm-pool.conf.tpl.
Open in edit mode "custom.php53-fpm53-fpm-pool.conf.tpl".
Find following code:
if ($user === 'apache') {
// MR -- for future purpose, apache user have uid 50000
$fpmport = 50000;
$openbasedir = "/home/:/tmp/:/usr/share/pear/:/var/lib/php/session/";
} else {
$userinfo = posix_getpwnam($user);
$fpmport = (50000 + $userinfo['uid']);
$openbasedir = "/home/$user/:/tmp/:/usr/share/pear/:/var/lib/php/session/:".
"/home/kloxo/httpd/script/:/home/kloxo/httpd/disable/:{$extrabasedir}";
}
Replace above mentioned code with:
if ($user === 'apache') {
// MR -- for future purpose, apache user have uid 50000
$fpmport = 50000;
$openbasedir = "/home/:/tmp/:/usr/share/pear/:/var/lib/php/session/";
} else {
$userinfo = posix_getpwnam($user);
$fpmport = (50000 + $userinfo['uid']);
if ($user === 'username_which_wants_basedir_disabled'){ $openbasedir = "none"; }
else{
$openbasedir = "/home/$user/:/tmp/:/usr/share/pear/:/var/lib/php/session/:".
"/home/kloxo/httpd/script/:/home/kloxo/httpd/disable/:{$extrabasedir}";}
}
you will replace "username_which_wants_basedir_disabled" with the username for which open_basedir is being disabled.
Now in SSH console run following commands:
sh /script/fixphp
sh /script/restart-web -y'
Now you can check phpini of that user base dir will be disabled.
Best Regards,
Mehroz Anjum