open_basedir option (SKINS) (TEMPLATES)

Version 1.28


Ability to enable/disable open_basedir on a per-domain basis in the same manner that you can already do it for safemode. open_basedir has the benefit of preventing PHP scripts from looking around on your system into locations they shouldn't, like other users' home directories, or listing important system files. The default settings restrict PHP scripts to /home/username, /tmp and /usr/local/lib/php (for includes).

Also, because of the way OPEN_BASEDIR_PATH is set up in the virtual_host*.conf files, the admin can customize the path on a per-domain basis through Admin Level -> custom httpd config, by adding the customized:

    |?OPEN_BASEDIR_PATH=<custom>|

into the text area, overwriting the default for that domain.

SKINS:

admin/safe_mode.html added:

    Default Open BaseDir for new domains:
    <input type=radio name=obdenabled value="ON" |OBDONCHECKED|>On
    <input type=radio name=obdenabled value="OFF" |OBDOFFCHECKED|>Off

TEMPLATES:

Also, the virtual_host*.conf templates have been updated to accommodate the extra token (OPEN_BASEDIR), which will be either ON or OFF. The top of the templates will have:

    |?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/usr/local/lib/php/|

And inserted into the <Directory |DOCROOT|> section is:

    |*if OPEN_BASEDIR="ON"|
    php_admin_value open_basedir |OPEN_BASEDIR_PATH|
    |*endif|

Note that this is a reduced version of the previous open_basedir settings. It was found that placing the restrictions inside the <Directory> syntax will not turn on open_basedir for /webmail, /squirrelmail or /phpMyAdmin. This allows us to close up the allowed paths, making /tmp the only global path that users will share for writing. /var/www/html was removed from the path, making webmail (saved emails) secure from apache-run php scripts owned by users on the system.
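An added example (not DirectAdmin's own code): a small Python check that reads rendered virtual-host configuration and reports any <Directory> block that has no open_basedir line or that allows a path beyond the defaults described above. The sample configuration, the domain and user names, and the /home/username docroot layout are constructed assumptions.

```python
import re

# Shared paths the default template allows in addition to the user's home.
SHARED_ALLOWED = {"/tmp", "/usr/local/lib/php"}

# Constructed sample of rendered virtual-host config (not from a real server).
SAMPLE_CONF = """\
<Directory /home/alice/domains/alice.example/public_html>
    php_admin_value open_basedir /home/alice/:/tmp:/usr/local/lib/php/
</Directory>
<Directory /home/bob/domains/bob.example/public_html>
    php_admin_value open_basedir /home/bob/:/tmp:/usr/local/lib/php/:/var/www/html/
</Directory>
<Directory /home/carol/domains/carol.example/public_html>
    Options -Indexes
</Directory>
"""

DIR_BLOCK = re.compile(r"<Directory\s+(\S+?)>(.*?)</Directory>", re.S | re.I)
OBD_LINE = re.compile(r"^\s*php_admin_value\s+open_basedir\s+(\S+)", re.M | re.I)


def audit(conf_text):
    """Return {docroot: [findings]} for each <Directory> block with a problem."""
    report = {}
    for docroot, body in DIR_BLOCK.findall(conf_text):
        m = re.match(r"/home/[^/]+", docroot)
        if not m:
            continue  # not a user docroot (assumes the /home/username layout)
        home = m.group(0)
        obd = OBD_LINE.search(body)
        if obd is None:
            report[docroot] = ["open_basedir not set"]
            continue
        findings = []
        for entry in obd.group(1).strip('"').split(":"):
            path = entry.rstrip("/")
            # Allowed: the user's own home (or below it) and the shared defaults.
            if path == home or path.startswith(home + "/") or path in SHARED_ALLOWED:
                continue
            findings.append("extra path allowed: " + entry)
        if findings:
            report[docroot] = findings
    return report


if __name__ == "__main__":
    for docroot, findings in audit(SAMPLE_CONF).items():
        print(docroot, "->", "; ".join(findings))
```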
