ISPConfig 3 don't set open_basedir directive in websites

Discussion in 'Installation/Configuration' started by Skyflash, Feb 7, 2012.

  1. Skyflash

    Skyflash New Member

    After an upgrade (currently, ISPConfig 3.0.4.2) i have a strange problem:

    if i edit a website (that has FastCGI enabled), or a create e NEW website with FastCGI enabled, ISPConfig don't set the open_basedir directive in .php-fcgi-starter or, if present, deletes it :(

    Example: I edit this site (not important what item i edit; important thai i click on Save):
    [​IMG]
    Options tab, PHP open_basedir directive is:
    Code:
    /var/www/clients/client2/web14/web:/var/www/clients/client2/web14/tmp:/var/www/acmitest.biz/web:/srv/www/acmitest.biz/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin
    The .php-fcgi-starter changes to:

    Code:
    #!/bin/sh
    PHPRC="/etc/php5/cgi/"
    export PHPRC
    PHP_DOCUMENT_ROOT="/var/www/clients/client2/web14"
    export PHP_DOCUMENT_ROOT
    # The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache
    # mod_fcgi will control the number of childs themself and never use the additional processes.
    # PHP_FCGI_CHILDREN=1
    # export PHP_FCGI_CHILDREN
    PHP_FCGI_MAX_REQUESTS=1000
    export PHP_FCGI_MAX_REQUESTS
    exec /usr/bin/php-cgi \
     $1
    ~
    
    So i manually edit the file, and i add this directives:
    Code:
    open_basedir="/var/www/clients/client2/web14/web:/var/www/clients/client2/web14/tmp:/var/www/acmitest.biz/web:/srv/www/acmitest.biz/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin" \
    -d upload_tmp_dir=/var/www/clients/client2/web14/tmp \
    -d session.save_path=/var/www/clients/client2/web14/tmp \
    
    Starter file now appears like this:
    Code:
    #!/bin/sh
    PHPRC="/etc/php5/cgi/"
    export PHPRC
    PHP_DOCUMENT_ROOT="/var/www/clients/client2/web14"
    export PHP_DOCUMENT_ROOT
    # The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache
    # mod_fcgi will control the number of childs themself and never use the additional processes.
    # PHP_FCGI_CHILDREN=1
    # export PHP_FCGI_CHILDREN
    PHP_FCGI_MAX_REQUESTS=1000
    export PHP_FCGI_MAX_REQUESTS
    exec /usr/bin/php-cgi \
    open_basedir="/var/www/clients/client2/web14/web:/var/www/clients/client2/web14/tmp:/var/www/acmitest.biz/web:/srv/www/acmitest.biz/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin" \
    -d upload_tmp_dir=/var/www/clients/client2/web14/tmp \
    -d session.save_path=/var/www/clients/client2/web14/tmp \
     $1
    
    If a make any change to the configuration document (or i click Save) (first image), the open_basedir "resets" to the initial code i wrote in this post and every open_basedir directive is lost:(

    I don't know if may be helpful, but in Monitor tab, System logs section of ISPconfig, i found this:
    Code:
    Feb 7 12:37:35 server01 kernel: [66835.543600] php-cgi[28180]: segfault at 7fe1d9b74809 ip 00000000006b7a29 sp 00007fffaf81a4c0 error 4 in php5-cgi[400000+74c000]
    Feb 7 12:37:47 server01 kernel: [66847.472671] php-cgi[28191]: segfault at 7fe8867d4009 ip 00000000006b7a29 sp 00007fff69dcc770 error 4 in php5-cgi[400000+74c000]
    Feb 7 12:37:59 server01 kernel: [66860.196892] php-cgi[28197]: segfault at 7f44eafbfa09 ip 00000000006b7a29 sp 00007fffa2d901a0 error 4 in php5-cgi[400000+74c000]
    Someone can help me, please?
     
    Last edited: Feb 7, 2012
  2. Skyflash

    Skyflash New Member

    The creation issue is solved. In System -> Server Config -> Web i had Security Level set to "Medium".

    I've found the fcgi master template in /usr/local/ispconfig/server/conf/php-fcgi-starter.master and i saw an IF condition:

    Code:
    <tmpl_if name="security_level" op="==" value="20"> -d open_basedir="<tmpl_var name='open_basedir'>" \
    -d upload_tmp_dir=<tmpl_var name='document_root'>/tmp \
    -d session.save_path=<tmpl_var name='document_root'>/tmp \
    
    Set Security Level to High and now the fcgi starter file is correct :)
     

Share This Page