How to enable open_basedir to work with LSPHP and EA4
With the introduction of EasyApache 4, WHM’s user_basedir tweak now requires some configuration to be enabled. It is highly recommended to use user_basedir to prevent clients from running PHP scripts which they do not own.
What is open_basedir?
Open_basedir is a PHP setting that limits the files that can be accessed by PHP to the specified directory-tree, including the file itself.
How to check if open_basedir is enabled?
To check if open_basedir is enabled, create a phpinfo page and search for open_basedir. If open_basedir is set to a value other than “no value”, it is enabled.
Setup
*NOTE* If you already have a PHP DSO handler installed you can skip to step 9
1. Login to the WHM admin panel.
2. Navigate to Software → EasyApache 4
3. Under “Currently Installed Packages”, select “Customize”
4. Select “PHP Extensions”
5. Search for ‘phpXX-php, where XX is the PHP version number, and toggle the switch so that it appears blue and says “Install”
*NOTE* If it says “this will remove a package”, this can mean that you already have a DSO handler installed and can skip to step 9
6. Select “Review“
7. After confirming that everything looks correct, click on “Provision”
8. Click “Done”
9. Navigate to Security Center → PHP open_basedir tweak
10. Tick the checkbox that says “Enable php open_basedir Protection”
11. Save your changes
That’s it, all done! Users are now prevented from running PHP scripts outside of their home directory.