2.8.16. open_basedir

Important points:

  • Complete isolation of sites from each other can only be achieved by placing them in separate hosting accounts.
  • The parameter is automatically disabled during operation PHP Profiler.

Parameter open_basedir restricts the level of access for PHP scripts on the site.

It is important to keep in mind that its use of the parameter cannot provide complete isolation of sites from each other within the same hosting account. This is due to the fact that the parameter restricts access to files only by means of PHP, however, in case of accessing files outside the set access, workarounds, for example, by calling commands via shell_exec (potentially dangerous internal PHP functions that are not used by site scripts can be disconnect), access will not be restricted.

In situations where site scripts try to access files that are restricted to them using open_basedir, the site can be observed error "open_basedir restriction in effect".

  1. Openup PHP settings.
  2. In field "open_basedir" select the required access level and save the changes:
    • "/home/example/example.com/www" — access is limited site root directory.
    • "/home/example/example.com" - access is limited to the parent directory site root directory.
    • "/home/example" - access is limited to the root directory of the hosting account.
    • "disable" - access is not limited.
  3. Wait approximately 10-15 minutes for the changes to take effect.