• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question New serviceplan PHP config default values

T

Tozz

Regular Pleskian
I'd like to disable open_basedir completely, on all our servers, from all serviceplans and all subscriptions. Primary reason for this is that open_basedir disable's statcaching, which can have detrimental effects on performance for PHP scripts that open a lot of files.

I have managed to fix almost everything, but I can't find where Plesk gets it's default configuration parameters from when creating a new serviceplan.
When I click on Serviceplans -> Create new Plan -> PHP Settings

The value for open_basedir is {WEBSPACEROOT}{/}{:}{TMP}{/}. Where is that coming from? I've configured open_basedir = none in /etc/php/*/*/php.ini and /opt/plesk/php/*/etc/php.ini.
 
I think it is hard coded. Removing the limit only makes sense if you run a server for yourself only, because otherwise, other people will be able to access all files and directories on the server beyond their own subscription. But if you are the only user, why would you want to split organization of domains up into several subscriptions and not just stick with a single huge subscription?
 
They can't access all files, because PHP is ran either as FastCGI or FPM, and both execute the PHP code as the system user (FTP user). So they can't access other subscription data. I'm not the only user, this is a shared hosting platform.

open_basedir doesn't make much sense anyway. We offer CGI, cronjobs and multiple other features that would allow a malicious user to bypass the open_basedir restriction from PHP.
 
Thank you for the detailed explanation. If this is your way, I respect your decision to configure your system this way. Unfortunately, I don't think there is a solution to the initial question.

For other users who stop by in this thread I would however like to add, that it is most certainly possible to hack a server if subscription accounts are not jailed to their own subscription directories and that this is a configuration not recommended when several users share the same server.
 
You must log in or register to reply here.

Similar threads

K
Issue Cannot add custom folder to the open_basedir PHP option.
Replies
6
Views
329
KevinPrimate
K
M
Resolved How to update default open_basedir for all websites?
Replies
6
Views
1K
Peter Debik
P
N
Question open_basedir issue with borlabs cookie
Replies
3
Views
479
Peter Debik
P
Stergios G
Resolved Error: Unable to retrieve information about the PHP configuration
Replies
2
Views
262
Stergios G
Stergios G
S
Question Help access subdomain images from primary domain
Replies
3
Views
1K
SkyB
S
Back
Top