HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   open_basedir paths from parent directories seem not to be inherited automatically (http://www.howtoforge.com/forums/showthread.php?t=55405)

cbj4074 14th December 2011 18:41

open_basedir paths from parent directories seem not to be inherited automatically
 
I'm running Apache/2.2.14 (Ubuntu) and PHP 5.3.2-1ubuntu4.10.

I would like to define open_basedir rules in /etc/apache2/httpd.conf that apply to all vhosts, but also define additional directories on a per-vhost basis (via the ISPConfig interface).

The problem I'm having is that open_basedir inheritance does not seem to behave as described in the PHP manual. From the manual ( http://php.net/manual/en/ini.core.php ):

Quote:

As an Apache module, open_basedir paths from parent directories are now automatically inherited.
I have not found this to be the case.

In /etc/apache2/httpd.conf I have:

Code:

<Directory /var/www/>
AllowOverride All
Order allow,deny
Allow from all
php_admin_value open_basedir "/dev/urandom:/usr/share/php"
</Directory>

And in the "Apache Directives" box for the vhost in question, I have:

Code:

<Directory /var/www/example.com>
php_admin_value open_basedir "/var/www/example.com/tmp:/var/www/example.com/web"
</Directory>

Yet, when I view the output from phpinfo() from within a script at /var/www/example.com/web/info.php, the directories listed for open_basdir are:

Code:

/var/www/dev.level8ds.com/tmp:/var/www/dev.level8ds.com/web
So, the open_basedir directories that are defined in /etc/apache2/httpd.conf are not being inherited, but rather, they are being overwritten.

This is the behavior that I have observed and documented:

Firstly, directives prepended with "php_admin_*" cannot be modified with subsequent definitions (even if they contain the php_admin_* prefix); they are final. Similarly, directives defined with php_admin_* will OVERWRITE any previous directives (even if they contain the php_admin_* prefix).

Further, directives defined with php_* have no effect if the equivalent php_admin_* directive has been defined (either before or after).

Finally, php_admin_* directives will overwrite their php_* equivalents.


Has anyone else encountered this issue?

Thanks in advance...

cbj4074 16th December 2011 19:07

The PHP documentation is misleading. Apparently, the statement

Quote:

As an Apache module, open_basedir paths from parent directories are now automatically inherited.
means that if the open_basedir directive is defined as such

Code:

<Directory /var/www/example.com>
php_value open_basedir "/tmp:/var/www/example.com/web"
</Directory>

then a script in /var/www/example.com/web will have access to /tmp. It does NOT mean that more specific open_basedir values may be defined for child directories to create a "cascading" or "stacking" effect.

So, adding to the above directive something like

Code:

<Directory /var/www/example.com/web/modules>
php_value open_basedir "/var/www/example.com/protected/includes"
</Directory>

will NOT make the effective open_basedir for /var/www/example.com/web/modules

"/tmp:/var/www/example.com/web:/var/www/example.com/protected/includes"


but rather so doing will OVERWRITE the parent directory's open_basedir definition and make the effective open_basedir

"/var/www/example.com/protected/includes"


It seems prudent to open a bug report for the PHP documentation and request that this statement be clarified.


All times are GMT +2. The time now is 19:33.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.