PHP open_basedir

Dark Atheist

If I'm reading this right, I only need to add the dir of the webserver, so is it just /www or /home/www I have to put in there?

/home/www is set as doc root in httpd.conf - so I'm leaning towards that
 

JPRuss

If you want to prevent fopen from accessing anything outside of /home/www then your open_basedir should be set to /home/www/ (note the slash at the end).

If you don't have the slash on the end, it will allow access to any variants of /home/www as well (eg: /home/www1, /home/wwwmyweb, etc).

If you put just /www/ it would allow access to only things in the directory /www, which I'm guessing does not exist and would probably cause all fopens to fail as well as other functions

Hope this helps.
 

Dark Atheist

So I was right with /home/www :) apart from the missing / - thanks
 

LordOfLA

PHP Security team recommend against open_basedir and setting your file permissions correctly instead.
 

X-Istence

> PHP Security team recommend against open_basedir and setting your file permissions correctly instead.

Do you have any sources for this? I am unable to find any such reports at all.
 

Dark Atheist

> PHP Security team recommend against open_basedir and setting your file permissions correctly instead.

Strange that, as most things I have read say to use open dir and file permissions norm either 444 or 555
 

X-Istence

That does not say anything against using open_basedir. It just says it is flawed by design, but it is still a valid part of setting up a properly protected PHP.
 

Dark Atheist

If I put /home/www I can't enter my site :p or /home/www/
 

Dark Atheist

404 :D - I'll have a play with it later, don't have the time atm
 

JPRuss

Okay, good luck. It seems odd that a change to open_basedir would affect the ability to actually read the files.

A few quick things to check:

a) Are your actual web files stored in the directory /home/www?
b) Does the directory containing the files have the correct permissions?
c) Is it possible the directory is /home/WWW/ instead of /home/www/ (case sensitive)?
d) Perhaps the specific includes within your files try to access other files outside of /home/www/. If this is the case, then you are actually getting the correct error.

Hope this helps
 

Dark Atheist

a) yes
b) yes
c) def /home/www
d) doing it on scripts that do not require files outside the root folder

Having a look now, can you add more than one path to that option?

Warning: session_start() [function.session-start]: open_basedir restriction in effect. File(/var/tmp) is not within the allowed path(s): (/home/www) in /usr/home/www/phpg/libraries/lib.inc.php on line 56

Fatal error: session_start() [<a href='function.session-start'>function.session-start</a>]: Failed to initialize storage module: files (path: ) in /usr/home/www/phpg/libraries/lib.inc.php on line 56

Although on others it's giving different error(s) or a blank screen, I'm guessing it's because eaccelerator can't access its temp file also and therefore the pages can't look at the cache folder, or could I fool it with a few symlinks?
 

JPRuss

Yep, you separate them with the colon ( : ) character

eg: /home/www/:/var/tmp/
 

Dark Atheist

will try that later server is offline while i clean it out, rather dusty in there :p
 

Dark Atheist

I got it working :p - although there is a symlink to /home, PHP doesn't like it, so the /home/www was correct in one way, but the line needed to be /usr/home/www:/var/tmp:/usr/home/_g2data - otherwise some pages did work while others just went to a blank screen :)

edit: I would rep you jpruss but seems I need to spread it about a bit before I can rep you again :rolleyes:
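
The three points raised in this thread (trailing slash, colon-separated entries, and the /home symlink) can be checked before editing php.ini. The following is an added example, not code from any poster or from PHP itself: `audit_open_basedir` and `build_demo_tree` are hypothetical helpers, and the matching rule is a simplified model of what the thread describes (resolve the target, then compare it as a string prefix against each entry as written); PHP's own handling may differ by version.

```python
import os
import tempfile

def audit_open_basedir(value, required_paths):
    """Lint a colon-separated open_basedir value (simplified model, not PHP's code).

    Assumption: the target is resolved with realpath, then compared as a plain
    string prefix against each entry exactly as written, as the thread describes.
    """
    entries = [e for e in value.split(":") if e]
    findings = []
    for entry in entries:
        bare = entry.rstrip("/")
        parent = os.path.dirname(bare)
        if not entry.endswith("/") and os.path.isdir(parent):
            # No trailing slash: sibling names sharing the prefix match too.
            for name in sorted(os.listdir(parent)):
                sibling = os.path.join(parent, name)
                if sibling != bare and sibling.startswith(bare):
                    findings.append(("prefix-overmatch", entry, sibling))
        if os.path.realpath(bare) != bare:
            # Entry goes through a symlink; resolved targets will not match it.
            findings.append(("symlinked-entry", entry, os.path.realpath(bare)))
    for path in required_paths:
        real = os.path.realpath(path)
        probe = real + "/" if os.path.isdir(real) else real
        if not any(probe.startswith(e) for e in entries):
            findings.append(("not-covered", path, real))
    return findings

def build_demo_tree():
    """Constructed sample layout: <root>/home is a symlink to <root>/usr/home."""
    root = os.path.realpath(tempfile.mkdtemp())
    for d in ("usr/home/www", "usr/home/www1", "var/tmp"):
        os.makedirs(os.path.join(root, d))
    os.symlink(os.path.join(root, "usr/home"), os.path.join(root, "home"))
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    needed = [root + "/home/www", root + "/var/tmp"]  # doc root, session dir
    for value in (root + "/home/www",
                  root + "/usr/home/www:" + root + "/var/tmp",
                  root + "/usr/home/www/:" + root + "/var/tmp/"):
        print(value.replace(root, ""), "->")
        for kind, subject, detail in audit_open_basedir(value, needed):
            print("   ", kind, subject.replace(root, ""), detail.replace(root, ""))
```

Only the last value, with resolved paths and trailing slashes, comes back clean; the middle one covers the needed directories but still matches the sibling `www1`.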
 
