CentosControl PanelCWP

How to Enable open_basedir with suPHP globally and for Per User Basis on CWP – Centos WebPanel

In this tutorial we’ll enable open_basedir restriction globally for all user accounts or for each user accounts on your CWP server. It will increase your server security by limiting the access. CWP uses suPHP by default hence open_basedir can’t be enabled via apache vhost or .htaccess file with this options : php_admin_value open_basedir

open_basedir limits all I/O operations in userspace PHP to a certain configurable subset of the filesystem, in particular to a number of directories and their sub-directories,

it is mainly used to avoid modifications to the filesystem (part of) and other user accounts. It can also be used to mitigate the effect of vulnerable PHP scripts on the filesystems/server.

Lets Get Started, it is easy tutorial yet security benefit when combine with CWP suPHP :-

To enable Globally for all CWP user accounts

touch /usr/local/php/php.d/openbasedir.ini
echo "open_basedir = /home:/tmp:/var/tmp:/usr/local/lib/php/" > /usr/local/php/php.d/openbasedir.ini
service httpd restart

TO enable per user basis follow this guide :

## Create php.ini :
## or open the exisiting php.ini and add this line :
open_basedir = /home/username:/tmp:/var/tmp:/usr/local/lib/php/

## then restart apache service :
service httpd restart

**Replace the username with the actual user name listed in “List account”

You can also do it by yourself by creating a file: /usr/local/php/php.d/open_basedir.ini with the following content:

open_basedir = /home:/tmp:/var/tmp:/usr/local/lib/php/

To enable it for other php versions from the PHP selector you can create this config files with the same content:


Done you’ve just enabled open_basedir config for CWP suphp

Sandeep B.

I'm a system admin and php developer and currently working as System Admin In CWP Control panel, expertise in Linux and Windows administration RHEL certified admin.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button