Security: open_baseidr on /~username with CLI

Version 1.49


ACTION REQUIRED: To set the fix for all Users after you update DA, run: cd /usr/local/directadmin/custombuild ./build rewrite_confs --------------- For the user_virtual_host.conf template, open_basedir (OBD) was not set for ~username access because this setting (Admin Level -> Php Config) is a per-domain setting, and the /~username method is a per-user setting, so the template didn't have a domain config to check. The fix was to make additions to the user_virtual_host.conf to add some default changes, making their settings use the default values, as per the Admin Level -> Php Config global default for new Users. So if you have OBD turned "On" as the default for new Users, all Users will get this setting for their /~username access method, regardless of if it's shut off for their domain. If you need override this and shut it off only for 1 User, then edit: /usr/local/directadmin/data/users/username/user.conf and add: open_basedir=OFF or open_basedir=ON to override the global php config OBD default setting for /~username access. The override shouldn't affect the per-domain settings for OBD. New user_virtual_host.conf token: OPEN_BASEDIR_AND_CLI=ON|OFF if OBD is on and CLI is available. ---------- Also added the CLI_PHP_MAIL_LOG setting into the template, so that mail from /~username is logged to /home/user/.php/php-mail.log, like it is for domains. This check uses the USER_CLI token and not CLI token, because we don't want to cause a conflict with the per-domain settings, which may be turned off.

Interested to try DirectAdmin? Get a 30-day Free Trial!