1) How would the value "open_basedir" look like for "php5-cgi"(suPHP)?
2) What is the right right way to configurate the user file php.ini for php5-cgi suPHP. To be more specific: we need to get an independent the php.ini file for every user, so that the user couldn't do any manipulations with that file.

Why do you need open_basedir for it? suPHP doesn't allow to go outside the directory (unless other files are owned by the same user). If you will use system() function - it doesn't look for open_basedir value, because it can execute any ssh command. About the php.ini file - you can set anything you want in /usr/local/suphp/etc/suphp.conf. Good luck!

Can a shell wrapper script be used to execute the custom user php.ini ?

Why do you need open_basedir for it? suPHP doesn't allow to go outside the directory (unless other files are owned by the same user). If you will use system() function - it doesn't look for open_basedir value, because it can execute any ssh command. About the php.ini file - you can set anything you want in /usr/local/suphp/etc/suphp.conf. Good luck!

any user can view any file outside his directory

<?php
readfile('/etc/passwd');
?>


system
apache 1.3 suphp(php-cgi 5)

alexey.world, not any. /etc/passwd is word-readable. Try to read something like /home/otheruser/domains/otherdomain.com/public_html/config.php :)

alexey.world, not any. /etc/passwd is word-readable. Try to read something like /home/otheruser/domains/otherdomain.com/public_html/config.php :)

also works.. i dont understand nothing. I have php5 with cgi suphp but i think that is an open hole.. why is possible /home/oneuser/public_html/ could read all files in the server? not only /etc/passwd if i put in the readfile funtion /home/otheruser/public_html/config.php i can see all the source code of the php.

I have try with open base dir in off and on and the same...

Help

http://help.directadmin.com/item.php?id=183

can you provide a user_create_post.sh script that adds a php.ini file into /home/username/php.ini and sets the open_basedir value?
i think the script should add with custombuild.

This should give you an idea http://www.directadmin.com/forum/showpost.php?p=107173&postcount=206

i don't know how to replace the default open_basedir with /home/username/

i would suggest

perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/' /home/$username/php.ini

try this:
#!/bin/sh

# Default php.ini location
DEFPHPINI=/usr/local/etc/php5/cgi/php.ini

# PHP.ini user location
USERPHPINI=/home/$username/php.ini

cp $DEFPHPINI $USERPHPINI

perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/' $USERPHPINI

chown root:root $USERPHPINI

thanks, will try then post result.

btw, when deleting that user, is the php.ini going to be deleted as well? since it's with root:root.

Yes the system will delete it ok

The $username variable in the perl line does not work!

This works fine:

#!/bin/sh

# Default php.ini location
DEFPHPINI=/usr/local/etc/php5/cgi/php.ini

# PHP.ini user location
USERPHPINI=/home/$username/php.ini

cp $DEFPHPINI $USERPHPINI

#### Cant get this to work!!!
#### perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/g' $USERPHPINI

# Temp fix to insert path into php.ini
echo "open_basedir =/home/$username" >> $USERPHPINI

chown root:root $USERPHPINI

iceuk626, it does :) Just change

perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/g' $USERPHPINI


With:

perl -pi -e "s/;open_basedir =/open_basedir =\/home\/$username/g" $USERPHPINI

hehe thanks :)

All works fine apart from anything in /var/www/html

Everything i use is chown to webapps:webapps

What php.ini does /var/www/html use? when i uncomment suPHP_ConfigPath /usr/local/etc/php5/cgi/ in the suphp httpd conf all works fine again, but everthing goes back to the default php.ini.

All works fine apart from anything in /var/www/html

Everything i use is chown to webapps:webapps

What php.ini does /var/www/html use? when i uncomment suPHP_ConfigPath /usr/local/etc/php5/cgi/ in the suphp httpd conf all works fine again, but everthing goes back to the default php.ini.

http://help.directadmin.com/item.php?id=176

Hope this help you

That does not help...

What i need to know is where is /var/www/html looking for the php.ini?

That does not help...

What i need to know is where is /var/www/html looking for the php.ini?

the php default, but you can use own php for var/www/html

the php default, but you can use own php for var/www/html

Where do i set the /var/www/html to use its own custom php.ini ?

Where do i set the /var/www/html to use its own custom php.ini ?

n /etc/httpd/conf/httpd.conf n the vhost for /var/www/http add the code of Suconfg and set the path to php

There is a problem.
There is a file php.ini(root:root), he is located in public_html/php.ini and /home/users/php.ini. How to forbid renaming of file through Proftpd.
Please help.

chattr +i php.ini
But remember to clear immutable flag (chattr -i php.ini) before edit this file. ;)

I think it's called the immutable flag. :)

Jeff

yep. Thanks for correction, Jeff
:)