Announcement

Collapse
No announcement yet.

any need for open_basedir paths with php selector and cagefs

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • any need for open_basedir paths with php selector and cagefs

    Hi Guys
    is there any reason i need to keep my current openbasdir directives in the alternate versions of php.ini after installing cagefs and php selector?
    such as
    /home/:/usr/local/lib/php:/tmp:/usr/bin/gzip:/var/cpanel/rvglobalsoft/rvsitebuilder:/usr/local/IonCube
    Thanks
    John

  • #2
    also wondering why open_basedir is listed as an option a user can change in their php selector otpions? does this not post a potential security risk?

    Comment


    • #3
      John,

      That is because PHP Selector works only inside CageFS. And inside CageFS users are free to roam and explore -- there is no sensitive info anywhere.
      And also because open_basedir is fake sense of security which I wish more people would understand. It is so easy to circumvent on most shared hosting platforms that its presence does exactly nothing.
      Of course if you dont like your customers being able to change it, remove it:

      Comment


      • #4
        Hi Igor,

        Do I understand this correctly?

        - If CloudLinux + CageFS is installed (suPHP / suexec environment) and CageFS is enabled for all users, then all PHP/CGI requests (suPHP / suexec) are processed through the users cage
        - For caged users, it doesnt matter if open_basedir is set or not, since PHP processes will not be able to break out of /home/

        Is this correct? Or is it still recommended to set per-user restrictive open_basedir in PHP.ini (PHP 5.3+) as an added safety measure?

        Mike

        Comment

        Working...
        X