In a vhost envrionment surely "open_basedir none" represents a risk? It compromises the php sandbox.

I only have experience of SugarCRM under php 5.0.4. Is there a way of retaining the open_basedir sandbox? Perhaps by adding other directories to the basedir?

I have had a suggestion that this is a bug in php 5.0.4, but nothing in the php changelogs supports this. Would upgrading/downgrading allow me to run Sugar with the open_basedir still in place?

As things stand at the moment, it looks as if Sugar is not secure to run in a shared environment.