Table of Contents

How to enable open_basedir to work with LSPHP and EA4

With the introduction of EasyApache 4, WHM’s user_basedir tweak now requires some configuration to be enabled. It is highly recommended to use user_basedir to prevent clients from running PHP scripts which they do not own.

What is open_basedir?

Open_basedir is a PHP setting that limits the files that can be accessed by PHP to the specified directory-tree, including the file itself.

How to check if open_basedir is enabled?

To check if open_basedir is enabled, create a phpinfo page and search for open_basedir. If open_basedir is set to a value other than “no value”, it is enabled.

Setup

*NOTE* If you already have a PHP DSO handler installed you can skip to step 9

1. Login to the WHM admin panel.

2. Navigate to Software → EasyApache 4

3. Under “Currently Installed Packages”, select “Customize”

4. Select “PHP Extensions”

5. Search for ‘phpXX-php, where XX is the PHP version number, and toggle the switch so that it appears blue and says “Install”
*NOTE* If it says “this will remove a package”, this can mean that you already have a DSO handler installed and can skip to step 9

6. Select “Review“

7. After confirming that everything looks correct, click on “Provision”

8. Click “Done”

9. Navigate to Security Center → PHP open_basedir tweak

10. Tick the checkbox that says “Enable php open_basedir Protection”

11. Save your changes

That’s it, all done! Users are now prevented from running PHP scripts outside of their home directory.