open_basedir not enabled beta 4

[RevengeFNF]

15 minutes ago, Woodsman said:

You need to reboot your server after making the php.ini changes to have them go into effect.

Obviously if you can't reboot your server yourself you need to contact your host.

You don't need to reboot the server, just restart php-fpm or apache, whatever you are using.

[Woodsman]

1 minute ago, RevengeFNF said:

You don't need to reboot the server, just restart php-fpm or apache, whatever you are using.

Yes if you have independent  access tools to restart separately I agree. As this goes in my case with my present host I can reboot from my hosting account but not via the WHM at present.

[Restricted Content]

On 4/11/2018 at 3:09 PM, Adlago said:

My host confirmed that open_basedir is enable.
Nonetheless, I added to that in php ini:

open_basedir = "/home/:/tmp"

This did not remove a message.
I added the same to in the admin folder php ini file and then a message has already been removed.
Strange ...

where is php ini? Thats my question.Then it says disable all this:

exec, system, pcntl_exec, popen, proc_open, shell_exec

I cannot find any of it.

[Adlago]

php ini  is in your root directory.

Open it in Notepad++, and add

disable_functions = exec,pcntl_exec,popen,proc_open,system, shell_exec
open_basedir = "/home/:/tmp"

upload again in root.

I added also php ini in the admin directory. This removed messages in the ACP

[Restricted Content]

I see an init php but no php ini

[opentype]

Check with your host (e.g. their support/FAQ area). You might not have access to the php.ini at all and so looking for the file might be pointless. 

[Restricted Content]

My host is about as useless as taking gasoline to put out a fire! Guess I will just take it down and use something else...Thanks for the help.

[jcdesign]

For WHM user using Easy Apache.

First enable PHP open_basedir Protection and save

 

Go to MultiPHP INI Editor Mode and choose PHP version your site are on.

Place this code somwhere in the php.ini editor and save:

open_basedir = "/home/:/tmp"

Go to Restart Services and press PHP-FPM (In my case)

Restart and you are done! The message should disappear in your IPS ACP.

 

[j4ss]

3 hours ago, Woodsman said:

You need to reboot your server after making the php.ini changes to have them go into effect.

Hi, what changes needed in php.ini?

my php.ini file is "open_basedir = on"

 

 

[AlexWright]

49 minutes ago, j4ss said:

Hi, what changes needed in php.ini?

my php.ini file is "open_basedir = on"

 

 

That won't necessarily do anything. "open_basedir" is a command that gives permissions to certain files and folders. That's why:

open_basedir = "/home/:/tmp"

Works. It's giving that PHP the permissions only into /home/ (Implying subdirectories) and /tmp (implying no subdirectories).

[Rhett]

Please consult with your server administrator, each case may be different and require a different setup/path/setting, based on many factors, you cannot simply provide one setting for everyone. 

Do not apply settings in this topic if you are not sure of what you are doing, doing so can cause security issues.

You do not need to restart the server after applying the settings either, only php/apache

[AlexWright]

2 minutes ago, Rhett said:

Please consult with your server administrator, each case may be different and require a different setup/path/setting, based on many factors, you cannot simply provide one setting for everyone. 

Do not apply settings in this topic if you are not sure of what you are doing, doing so can cause security issues.

You do not need to restart the server after applying the settings either, only php/apache

This most of all.

[opentype]

7 hours ago, AlienOrigins said:

Guess I will just take it down and use something else...

It’s just a helpful tip from IPS how to make your community website more secure. It is completely unrelated to the IPS software and not required by it. 

[Restricted Content]

3 hours ago, opentype said:

It’s just a helpful tip from IPS how to make your community website more secure. It is completely unrelated to the IPS software and not required by it. 

Thanks....I got my host finally to edit the php ini everything is cool now.

[Tracy Perry]

On 4/14/2018 at 1:55 PM, opentype said:

Well, putting it on the dashboard is definitely working. We can tell from all the topics about people trying to set the additional security measures. ? 

Problem is... some of us run (admin) our own servers... and we DON'T have open_basedir enabled for a specific reason - same way with the "dangerous php functions" being enabled.  I'm well aware of what I have enabled... I don't need a big old warning that can't be dismissed from something that doesn't know the why/how of my configuration.  ?

[bearback]

so can the warning be removed if you don't update open_basedir  ?

thank you

[RevengeFNF]

5 hours ago, Tracy Perry said:

Problem is... some of us run (admin) our own servers... and we DON'T have open_basedir enabled for a specific reason - same way with the "dangerous php functions" being enabled.  I'm well aware of what I have enabled... I don't need a big old warning that can't be dismissed from something that doesn't know the why/how of my configuration.  ?

You can always open_basedir the whole server and the message will disappear.

[Tracy Perry]

16 minutes ago, RevengeFNF said:

You can always open_basedir the whole server and the message will disappear.

Yes, but why should I have to?

[RevengeFNF]

34 minutes ago, Tracy Perry said:

Yes, but why should I have to?

Because IPS decided to add a big warning

[bfarber]

So, backing up, all we did was (1) move our security warnings/recommendations to the dashboard to give them more visibility, and (2) fixed some bugs causing some of the messages to be unreliable. Obviously this has worked, as evidenced by this thread...perhaps a little too well.

We will be removing the open_basedir warning in an upcoming maintenance release, and allowing the other warnings to be dismissed for a short period of time.