{"id":21,"date":"2009-07-29T23:32:36","date_gmt":"2009-07-30T05:32:36","guid":{"rendered":"http:\/\/blog.supportpro.com\/?p=21"},"modified":"2023-07-27T02:10:24","modified_gmt":"2023-07-27T08:10:24","slug":"brief-intro-about-cphulk-mod_userdir-open_basedir","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/brief-intro-about-cphulk-mod_userdir-open_basedir\/","title":{"rendered":"Brief intro about mod_userdir | open_basedir"},"content":{"rendered":"

mod_userdir<\/strong><\/span><\/p>\n

It is an Apache module that allows you to create a separate website for each user on a server. These sites can all be accessed by going to,<\/p>\n

http:\/\/servername.com\/~username<\/em><\/p>\n

Eg:- http:\/\/example.com\/~user\/<\/em><\/p>\n

The module is installed on most Apache setups by default, but isnt necessarily always enabled. Most mass-hosted cPanel servers make extensive use of it for a variety of reasons.<\/p>\n

Apaches mod_userdir allows users to view their sites by entering a tilde(~) and their username as the URL on a specific host. For example http:\/\/test.cpanel.net\/~test will bring up the user Tests domain<\/p>\n

How To Enable<\/span> <\/strong><\/p>\n

1. To access the Server Setup Menu, click on Server Setup, on the main screen of your WebHost Manager interface. Then, click on Tweak Security.<\/p>\n

2. Click on Configure in the mod_userdir Tweak section.<\/p>\n

3. Click on the Checkbox next to Enable mod_userdir Protection to enable mod_userdir Protection.<\/p>\n

4. Click on a checkbox next to a domains name to allow them to access their domain using ~username, if necessary.<\/p>\n

5. Enter the name of any user you wish to be able access the domain using ~username, other than the domains owner, in the blank field next to the domains name, if necessary.<\/p>\n

6. Click on Save.<\/p>\n

Disadvantage <\/strong><\/span><\/p>\n

The disadvantage of this feature is that any bandwidth usage used by the site will be put on the domain it is accessed under .<\/p>\n

Mod_userdir protection prevents access to a domain through domain.com\/~user. You may however want to disable it on specific virtual hosts (generally shared SSL hosts).<\/p>\n

open_basedir<\/strong><\/span><\/p>\n

Enable open_basedir<\/strong><\/span><\/p>\n

Set open_basedir to only allow access to required portions of the filesystem, like your web sites documents and any shared libraries.<\/p>\n

You can set open_basedir in the php.ini file:<\/p>\n

; Set open_basedir to the <\/em><\/p>\n

open_basedir = \/var\/www\/foo.bar\/:\/usr\/local\/php\/<\/em><\/p>\n

The setting can also be applied in apaches httpd.conf file, or an .htaccess file:<\/p>\n

# Set open_basedir to a safe location<\/p>\n

php_value open_basedir \/var\/www\/foo.bar\/:\/usr\/local\/php<\/em><\/p>\n

WHM<\/strong><\/span><\/p>\n

Steps :<\/p>\n

1. To access the PHP open_basedir Tweak feature, click on Security, on the main screen of your WebHost Manager interface.<\/p>\n

2. Then click on Security Center.<\/p>\n

3. Then click on PHP open_basedir Tweak.<\/p>\n

4. Click on Configure in the PHPs open_basedir section.<\/p>\n

5. Click on the check box next to Enable PHP open_basedir Protection to enable Enable PHP open_basedir Protection.<\/p>\n

6. Click on a check box next to a domain name to allow them to open files outside of their home directory with PHP, if necessary.<\/p>\n

7. Click on Save.
\nPlesk : <\/strong>If you’re using Plesk hosting control panel, you may need to manually edit Apache configuration file of vhost.conf and vhost_ssl.conf, and add in or edit the following php_admin_value open_basedir lines to the following:<\/p>\n

<Directory \/full\/path\/to\/the\/directory\/httpdocs><\/p>\n

php_admin_value open_basedir none<\/p>\n

<\/Directory><\/p>\n

<Directory \/full\/path\/to\/the\/directory\/httpdocs><\/p>\n

php_admin_value open_basedir \/full\/path\/to\/dir:\/full\/path\/to\/directory\/httpdocs:\/tmp<\/p>\n

<\/Directory>
\nNote: For SSL hosts in the vhost_ssl.conf file, the Directory path will end with httpsdocs instead of httpdocs<\/p>\n

Disable Manually<\/strong><\/span><\/p>\n

Open up the httpd.conf file, and search for the lines that starts with the following characters:<\/p>\n

php_admin_value open_basedir ..<\/p>\n

Replace the whole line under the virtual host for the domain user account<\/p>\n

php_admin_value open_basedir none.<\/p>\n

Add Additional Directories<\/strong><\/span>
\nYou can also opt to allow your PHP scripts to access additional directory instead without disabling the protection.For example, to add \/new_directory to the allow list.<\/p>\n

php_admin_value open_basedir \/home\/user_account\/:\/usr\/lib\/php:\/usr\/local\/lib\/php:\/tmp<\/p>\n

php_admin_value open_basedir \/home\/user_account\/:\/usr\/lib\/php:\/usr\/local\/lib\/php:\/tmp:\/new_directory<\/p>\n

Restart the Apache after finished editing<\/p>\n

Article Authored by Ajith KK<\/strong><\/p>\n

Author, Ajith KK, is a Systems Engineer with SupportPRO. Ajith specializes in L1 and L2 Linux\/Windows administration. SupportPRO offers 24X7 technical support services to Web hosting<\/a> companies and service providers.<\/strong><\/p>\n

If you require help, contact SupportPRO Server Admin<\/a><\/p>\n

\"Server<\/a><\/span>