tags:

views:

342

answers:

4
Q: 

open_basedir not having any effect

For my web hosting panel, users need to be blocked from accessing files outside their own directory (/var/www/u/s/username). I tried to use this line in httpd.conf to prevent people from going up a directory.

php_admin_value open_basedir .:/usr/lib/php5

But in php.ini, it seems to have no effect. What am I doing wrong?

A: 
  1. As far as I can tell, it's not in path format it has to be just one directory;
  2. Using "." with open_basedir makes no sense at all, "." is allways the current directory. You can chdir('/wherever/you/want'), having "." expanded as /wherever/you/want
vartec  2009-04-02 14:41:50
A webhost I used to moderate used this type of restriction. It works, although it prevents a few scripts from working. I use mod_vhost_alias so I can't just add a different open_basedir for each user. Is there a better way of doing this?
 2009-04-03 19:57:51
I tested it on another server, and it won't let me chdir out of the open_basedir allowed paths.
 2009-04-03 19:58:21
A: 

Most probably you're modifying the wrong "php.ini".

Milen A. Radev  2009-04-02 15:57:39
I'm putting it in the main httpd.conf (the right one :) ). I can't put it in php.ini because I have 2 Apache instances running of the same binary, and they need to have different configurations.
 2009-04-03 19:51:47
In this case the description of your problem doesn't make sense - on one hand it works if put in httpd.conf and doesn't work when in php.ini. But on the other hand you can't put it in the php.ini anyway. So what's your problem?
Milen A. Radev  2009-04-03 22:14:24
It does NOT work in the httpd.conf. Sorry for not making that clear.
 2009-04-05 13:54:13
Create a script with only a call to "phpinfo()" in it and put it where the other "restricted" scripts should reside. Open it in the browser and check what's the value of "open_basedir".
Milen A. Radev  2009-04-05 17:44:29
+1  A: 

It might be a silly suggestion, but have you restarted the webserver after making the php.ini changes?

Another method you might try using is to append a file using the "auto_prepend_file" directive to include a script to tighten up the open_basedir directive to the current users directory:

From PHP.net (http://www.php.net/manual/en/ini.sect.safe-mode.php)

As of PHP 5.3.0 open_basedir can be tightened at run-time. This means that if open_basedir is set to /www/ in php.ini a script can tighten the configuration to /www/tmp/ at run-time with ini_set()

ADDITIONAL SUGGESTION:

The Apache configuration will need to be set up properly for INI overrides to be effective. Ensure that you have "AllowOverride Options" or "AllowOverride All" set in the Apache config for your Server or Virtual Host.

http://us2.php.net/configuration.changes

http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride

PHPexperts.ca  2009-04-03 19:42:00
+1  A: 

You may need to add a line for each user Directory:

<Directory /var/www/u/s/username>
php_admin_value open_basedir "/var/www/u/s/username/:/shared/path/"
</Directory>

Note that the trailing slash is here to prevent user "username" from accessing a "username2" directory.

Julien Tartarin  2009-04-14 11:08:16

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases