Hi Igor,
Do I understand this correctly?
- If CloudLinux + CageFS is installed (suPHP / suexec environment) and CageFS is enabled for all users, then all PHP/CGI requests (suPHP / suexec) are processed through the users cage
- For caged users, it doesnt matter if open_basedir is set or not, since PHP processes will not be able to break out of /home/
Is this correct? Or is it still recommended to set per-user restrictive open_basedir in PHP.ini (PHP 5.3+) as an added safety measure?
Mike
-
John,
That is because PHP Selector works only inside CageFS. And inside CageFS users are free to roam and explore -- there is no sensitive info anywhere.
And also because open_basedir is fake sense of security which I wish more people would understand. It is so easy to circumvent on most shared hosting platforms that its presence does exactly nothing.
Of course if you dont like your customers being able to change it, remove it:
Leave a comment:
-
also wondering why open_basedir is listed as an option a user can change in their php selector otpions? does this not post a potential security risk?Leave a comment:
-
any need for open_basedir paths with php selector and cagefs
Hi Guys
is there any reason i need to keep my current openbasdir directives in the alternate versions of php.ini after installing cagefs and php selector?
such as
/home/:/usr/local/lib/php:/tmp:/usr/bin/gzip:/var/cpanel/rvglobalsoft/rvsitebuilder:/usr/local/IonCube
Thanks
John
Leave a comment: