Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 14th December 2011, 19:41
cbj4074 cbj4074 is offline
Senior Member
 
Join Date: Nov 2010
Posts: 395
Thanks: 30
Thanked 58 Times in 50 Posts
Default open_basedir paths from parent directories seem not to be inherited automatically

I'm running Apache/2.2.14 (Ubuntu) and PHP 5.3.2-1ubuntu4.10.

I would like to define open_basedir rules in /etc/apache2/httpd.conf that apply to all vhosts, but also define additional directories on a per-vhost basis (via the ISPConfig interface).

The problem I'm having is that open_basedir inheritance does not seem to behave as described in the PHP manual. From the manual ( http://php.net/manual/en/ini.core.php ):

Quote:
As an Apache module, open_basedir paths from parent directories are now automatically inherited.
I have not found this to be the case.

In /etc/apache2/httpd.conf I have:

Code:
<Directory /var/www/>
AllowOverride All
Order allow,deny
Allow from all
php_admin_value open_basedir "/dev/urandom:/usr/share/php"
</Directory>
And in the "Apache Directives" box for the vhost in question, I have:

Code:
<Directory /var/www/example.com>
php_admin_value open_basedir "/var/www/example.com/tmp:/var/www/example.com/web"
</Directory>
Yet, when I view the output from phpinfo() from within a script at /var/www/example.com/web/info.php, the directories listed for open_basdir are:

Code:
/var/www/dev.level8ds.com/tmp:/var/www/dev.level8ds.com/web
So, the open_basedir directories that are defined in /etc/apache2/httpd.conf are not being inherited, but rather, they are being overwritten.

This is the behavior that I have observed and documented:

Firstly, directives prepended with "php_admin_*" cannot be modified with subsequent definitions (even if they contain the php_admin_* prefix); they are final. Similarly, directives defined with php_admin_* will OVERWRITE any previous directives (even if they contain the php_admin_* prefix).

Further, directives defined with php_* have no effect if the equivalent php_admin_* directive has been defined (either before or after).

Finally, php_admin_* directives will overwrite their php_* equivalents.


Has anyone else encountered this issue?

Thanks in advance...
Reply With Quote
Sponsored Links
  #2  
Old 16th December 2011, 20:07
cbj4074 cbj4074 is offline
Senior Member
 
Join Date: Nov 2010
Posts: 395
Thanks: 30
Thanked 58 Times in 50 Posts
 
Default

The PHP documentation is misleading. Apparently, the statement

Quote:
As an Apache module, open_basedir paths from parent directories are now automatically inherited.
means that if the open_basedir directive is defined as such

Code:
<Directory /var/www/example.com>
php_value open_basedir "/tmp:/var/www/example.com/web"
</Directory>
then a script in /var/www/example.com/web will have access to /tmp. It does NOT mean that more specific open_basedir values may be defined for child directories to create a "cascading" or "stacking" effect.

So, adding to the above directive something like

Code:
<Directory /var/www/example.com/web/modules>
php_value open_basedir "/var/www/example.com/protected/includes"
</Directory>
will NOT make the effective open_basedir for /var/www/example.com/web/modules

"/tmp:/var/www/example.com/web:/var/www/example.com/protected/includes"


but rather so doing will OVERWRITE the parent directory's open_basedir definition and make the effective open_basedir

"/var/www/example.com/protected/includes"


It seems prudent to open a bug report for the PHP documentation and request that this statement be clarified.
Reply With Quote
Reply

Bookmarks

Tags
apache, automatically, inheritance, open_basedir, php

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Webmin upgrade lishaw1968 Installation/Configuration 15 26th August 2010 16:23
could not configure spamassasin specon Installation/Configuration 1 17th April 2008 22:02
update failed loge Installation/Configuration 6 1st December 2007 18:53
directories in /home/admispconfig/ispconfig renamed? Spudchat General 10 12th April 2007 20:37
Installation Problem irpr Installation/Configuration 21 13th December 2006 12:55


All times are GMT +2. The time now is 05:25.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.