I ran into a problem upgrading plugins because tar needs access to the binary /usr/bin/tar which is outside php’s open_basedir; Giving potentially access to the whole server binary directory might cause security issues I might think.
Idea: Would it be possible for OJS to rely on a software approach for tar iso a server binary, like e.g.
PHP: Introduction - Manual ?
So we don’t need to give low-level access to the server’s binaries