Every user can modify open_basedir protection, even if they have no permissions whatsoever. This panel cannot be considered secure anymore, there should be an option for open_basedir across all sites and don’t let users change it. I just got a new customer and if he wanted to he could steal all websites data.
agree that’s dangerous! I recently got hacked and more than 10 websites compromised as one of client decided to turn on basedir protection because some script was breaking.
@ysk99 you can not simply blame CyberPanel if your websites are getting hacked.
And its at user will to enable open_basedir (only for their site, not other sites). Apart from that users can not go beyond their document root.
So you need to provide more details, allowing end-user option to select open_basedir does not mean CyberPanel is not secure.
Clients cant turn on or off base dir on their root domain, I just tested it. It gives an error message. Seems safe to me.