The open_basedir directive in php.ini limits PHP file accesses (such as file opening, writing and deleting) within a designated directory such as /home/www/public_html so that it doesn’t endanger the rest of the system in any way. With proper Apache permissions and PHP installed as an Apache module, PHP inherits whatever privileges Apache has. As Apache is usually endowed with very limited permission in the form of a ‘nobody’ or ‘www-data’ group, there’s actually no need for open_basedir.
So it’s actually turned off by default. Controversies are raised about whether to use it or not. While it’s good to have extra confinement of what your public PHP scripts can access and do, it’d also make your applications reliable on it for file system security.
To modify the value of this directive and restrict php directory access, just find php.ini and locate the line:
And change it to minimum directory access your PHP applications need such as the web documents root:
open_basedir = '/home/www/public_html'
You should also read:
- PHP Class for Handling .htpasswd and .htgroup (Member Login & User Management)
- PHP: Change Current Working Directory
- .htaccess: Directory Listing – Enable Web Directory Browsing & Indexing
- PHP: Hide the Real File URL and Provide Download via a PHP Script
- PHP: Why you should use dirname(__FILE__).‘/include.php’ instead of just ‘include.php’