Submitted by banaan on Tue, 04/05/2016 - 06:13
Currently the PHP open_basedir security setting can’t be automatically set when creating a virtual server. This means that by default PHP can access every file on the file system, see http://php.net/manual/en/ini.core.php#ini.open-basedir.
It would be great if the open_basedir path could be automatically set to the home directory of the user when a virtual server is created, so the user doesn't have to do this by hand after the virtual server has been created, which is of course error-prone.
Status:
Closed (fixed)
Comments
Submitted by andreychek on Tue, 04/05/2016 - 09:44 Comment #1
Howdy -- this is actually something you can do if you wanted. You can set a php.ini template to use in System Settings -> Server Templates -> Default -> Apache Website.
What you could do there is set up a template, and within that template, you can use variables to set open_basedir to the homedir (I believe you would just need ${HOME} for that, but check the help text for that option for additional information).
Submitted by banaan on Wed, 04/06/2016 - 04:33 Comment #2
Thanks, that basically does the job for setting the open_basedir setting.
Currently the php.ini template is copied to the user directory (${HOME}/etc/php.ini). Is there a way I can use /etc/php5/cgi/php.ini as the default configuration and parse ${HOME}/etc/php.ini as an additional php.ini file? This way we can change the default settings for all virtual hosts.
edit: Created a separate ticket for this: https://www.virtualmin.com/node/40267
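One way to check the result of the template approach discussed in the comments above, as an added example that is not part of the original thread or of Virtualmin: it reads the text of a per-domain php.ini (such as the ${HOME}/etc/php.ini copy mentioned in comment #2) and reports when open_basedir is missing or has entries outside the home directory. The function names, the sample php.ini text and the /home/example paths are constructed for illustration, and Unix-style colon-separated entries are assumed.

```python
import posixpath
import re

# Directive names in php.ini are case-sensitive, so match the exact spelling.
ASSIGN = re.compile(r"^\s*open_basedir\s*=\s*(.*)$")


def effective_open_basedir(ini_text):
    """Return the last uncommented open_basedir value, or None if never assigned."""
    value = None
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):       # whole-line comment
            continue
        m = ASSIGN.match(line)
        if m:
            # Drop a trailing "; comment", surrounding whitespace and quotes.
            value = m.group(1).split(";", 1)[0].strip().strip("\"'")
    return value


def audit(ini_text, home):
    """List problems with open_basedir for a domain whose home directory is `home`."""
    value = effective_open_basedir(ini_text)
    if not value:
        return ["open_basedir is not set"]
    home = posixpath.normpath(home)
    problems = []
    for entry in value.split(":"):              # assumption: Unix path separator
        path = posixpath.normpath(entry) if entry else ""
        # Compare after normalisation so "/home/example/../x" is not accepted,
        # and require a "/" boundary so "/home/example2" is not accepted either.
        if path != home and not path.startswith(home + "/"):
            problems.append(f"entry {entry!r} is outside {home}")
    return problems


# Constructed sample php.ini contents (not taken from the thread).
GOOD = "[PHP]\n; open_basedir = /\nopen_basedir = /home/example ; set by template\n"
UNSET = "[PHP]\n;open_basedir =\nmemory_limit = 128M\n"
WIDE = "open_basedir = /home/example:/home/example2:/home/example/../other\n"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("UNSET", UNSET), ("WIDE", WIDE)):
        print(name, audit(text, "/home/example") or "ok")
```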
Submitted by banaan on Wed, 04/06/2016 - 04:33 Comment #3