PHP open_basedir

Dark Atheist

OSNN Veteran Addict
Political Access
Joined
8 Apr 2003
Messages
6,376
if im reading this right i only need to add the dir of the webserver, so is it just /www or /home/www i have to put in there?

/home/www is set as doc root in httpd.conf - so im leaning towards that
 
If you want top prevent fopen from accessing anything outside of /home/www then your open_basedir should be set to /home/www/ (note the slash at the end)

If you don't have the slash on the end, it will allow access to any varients of /home/www as well (eg: /home/www1 /home/wwwmyweb, etc)

If you put just /www/ it would allow access to only things in the directory /www, which I'm guessing does not exist and would probably cause all fopens to fail as well as other functions

Hope this helps.
 
so i was right with /home/www :) apart from the missing / - thanks
 
PHP Security team recommend against open_basedir and setting your file permissions correctly instead.
 
PHP Security team recommend against open_basedir and setting your file permissions correctly instead.

Do you have any sources for this? I am unable to find any such reports at all.
 
PHP Security team recommend against open_basedir and setting your file permissions correctly instead.

strange that as must things i have read say to use open dir and file permissions norm either 444 or 555
 
That does not say anything against using open_basedir. It just says it is flawed by design, but it is still a valid part of setting up a properly protected PHP.
 
if i put /home/www i cant enter my site :p or /home/www/
 
404 :D - i'll have a play with it later, don't have the time atm
 
Okay, good luck. It seems odd that a change to open_basedir would affect the ability to actually read the files.

A few quick things to check

a) are your actual web files stored in the directory /home/www ?
b) Do the directory containing the files have the correct permissions
c) Is it possible the directory is /home/WWW/ instead of /home/www/ (case senstivite
d) Perhaps the specific includes within your files try to access other files outside of /home/www/ if this is the case, then you are actually getting the correct error.

Hope this helps
 
a) yes
b) yes
c) deff /home/www
d) doing it on scripts that do not require files out side the root folder

having a look now, can you add more than one path to that option ?

Warning: session_start() [function.session-start]: open_basedir restriction in effect. File(/var/tmp) is not within the allowed path(s): (/home/www) in /usr/home/www/phpg/libraries/lib.inc.php on line 56

Fatal error: session_start() [<a href='function.session-start'>function.session-start</a>]: Failed to initialize storage module: files (path: ) in /usr/home/www/phpg/libraries/lib.inc.php on line 56

although on others it giving different error(s) or a blank screen, im guessing its because eaccelerator cant access its temp file also and therefore the pages cant look at the cache folder, or could i fool it will a few symlinks ?
 
Yep, you seperate them with the colin ( : ) chracter

eg: /home/www/:/var/tmp/
 
will try that later server is offline while i clean it out, rather dusty in there :p
 
i got it working :p - although there is a symlink to /home php doesnt like it so the /home/www ws correct in one way, but the line needed to be /usr/home/www:/var/tmp:/usr/home/_g2data - otherwise some pages did work while others just went to a blank screen :)

edit: i would rep you jpruss but seems i need to dpread it about a bit before i can rep you again :rolleyes:
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back