The open_basedir tweak limits the user's ability to browse the file system with PHP. It prevents PHP's access to the user's home directory, the /tmpdirectory, and some necessary PHP system directories. This helps to protect your system from unauthorized access through PHP.
Note:
This security tweak modifies the Apache configuration file, regardless of the PHP handler that you select.
-
Apache only uses configuration file PHP directives if you select the DSO handler.
- If you configure PHP to run as a CGI, suPHP, or FastCGI process, you must manually specify the
open_basedirdirective in the appropriatephp.inifile. Each user requires their ownphp.inifiles when you select a PHP handler that is not DSO.
Enable the open_basedir tweak
To enable the open_basedir tweak, perform the following steps:
- Select the Enable php open_basedir Protection checkbox.
- Select the checkboxes that correspond to the domains that you wish to exclude.
- Click Save.
open_basedir directives
When you enable the open_basedir tweak, the system adds PHP directives to each Virtual Host in the httpd.conf file.
These directives limit users' PHP access to the following directories:
/usr/lib/php
/usr/local/lib/php
/tmp
