open_basedir nightmare

Discussion in 'Installation/Configuration' started by awd.pt, Apr 6, 2011.

  1. awd.pt

    awd.pt Member

    Hi everyone

    we've been having some strange issues with some of out sites.

    for example, in www.awesome.com.pt/loja we've got an OpenCart store there and we get this kind of error:
    Code:
    Warning: require() [function.require]: open_basedir restriction in effect. File() is not within the allowed path(s): (/var/www/clients/client3/web24/web:/var/www/clients/client3/web24/tmp:/var/www/awesome.com.pt/web:/srv/www/awesome.com.pt/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin ) in /var/www/clients/client3/web24/web/loja/system/library/language.php on line 65
    It doesn't happen all the time, and that's what makes it so annoying. Everytime we save the site settings in ISPConfig panel the site works fine once. On the second reload the message comes back again. Any ideas?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) ensure that you have enabled the suexec checkbox in the website settings and that you use php-cgi or php-fastcgi as php method (not mod_php).

    2) Change all files in the directory /var/www/clients/client3/web24/web/ and its subdirectories to the correct user and group:

    chown -R web24:client3 /var/www/clients/client3/web24/web/
     
  3. awd.pt

    awd.pt Member

    thanks for the fast answer till, but that didn't do it.
    Suexec and fast-cgi were already selected. We ran chown -R web24:client3 /var/www/clients/client3/web24/web/ but problem remains...
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, then check the file var/www/clients/client3/web24/web/loja/system/library/language.php and see what it is doing in line 65. Additionally you should check the error.log of the website.
     
  5. awd.pt

    awd.pt Member

    Well, in line 65 it's calling a file, previously defined

    Code:
    $file = DIR_LANGUAGE . $this->languages[$this->code]['directory'] . '/' . $filename . '.php';
    
        	if (file_exists($file)) {
    	  		$_ = array();
    	  
    	  		require($file);
    the last one is line 65.
    On the error log the message is the same as in the site:
    Code:
    2011-04-06 14:00:36 - PHP Warning:  require() [<a href='function.require'>function.require</a>]: open_basedir restriction in effect. File() is not within the allowed path(s): (/var/www/clients/client3/web20/web:/var/www/clients/client3/web20/tmp:/var/www/pharma.awd.pt/web:/srv/www/pharma.awd.pt/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin) in /var/www/clients/client3/web20/web/system/library/language.php on line 65
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    please add:

    echo $file;

    right before the require line to get the path of the file.
     
  7. awd.pt

    awd.pt Member

    Just did that and files that the page is calling are for example:

    /var/www/awesome.com.pt/web/loja/catalog/language/portuguese-pt/module/information.php

    /var/www/awesome.com.pt/web/loja/catalog/language/portuguese-pt/module/category.php

    etc..

    maybe the issue is /var/www/awesome.com.pt/ vs /var/www/clients/client3/web24/ ?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You must have both paths in the open_basedir set.
     
  9. awd.pt

    awd.pt Member

    we do. This is what we have

    Code:
    /var/www/clients/client3/web24/web/:/var/www/clients/client3/web24/tmp/:/var/www/awesome.com.pt/web/:/srv/www/awesome.com.pt/web/:/usr/share/php5/:/tmp:/usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
    initially the paths had no / at the end, so I added them, but the result is exactly the same.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe its not a problem with the open basedir path settings then. The interesting thin is the ... File() .... part of the error, as there should be a path between the (). It seems as if your script tries to open a empty file name. Please try to modify the line:

    require($file);

    to

    if(!empty($file)) require($file);
     
  11. awd.pt

    awd.pt Member

    I did that, but no changes.
    None of the called files are empty.
    This is the content of /var/www/awesome.com.pt/web/loja/catalog/language/portuguese-pt/common/home.php, the first file to be called.
    Code:
    <?php
    // Title
    $_['title']         = '%s';
    
    // Heading 
    $_['heading_title'] = 'Bem vindo à %s';
    
    // Text
    $_['text_latest']   = 'Novidades';
    ?>
    
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Id did not mean that the files are empty, I meant that the filename is empty thats is passed to the require function.
     
  13. awd.pt

    awd.pt Member

    but if that was the case then echo $file wouldn't retrieve nothing, and it retrieves the file correctly
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    No, as you would not see that. This function is used to load several files, and if echo oututs just nothing at the end, you would not recognize it.

    What you can try is e.g.:

    echo 'start-'.$file.'-end:';

    and check if you get somewhere in the output "start--end:".
     
  15. awd.pt

    awd.pt Member

    when you asked me before to echo $file; it outputted the files that it's trying to call.

    Now (with echo 'start-'.$file.'-end:';) we get:
    start-/var/www/awesome.com.pt/web/loja/catalog/language/portuguese-pt/common/home.php-end

    start-/var/www/awesome.com.pt/web/loja/catalog/language/portuguese-pt/module/information.php-end

    start-/var/www/awesome.com.pt/web/loja/catalog/language/portuguese-pt/module/category.php-end

    that's why I said that the echo $file was retrieving and there for, $file is not empty.

    take a peek @ http://awesome.com.pt/loja/

    (and thanks for trying to solve this with us)

    Any ideas on what might be causing the errors since $file is not empty? We had these sites on a ISPConfig 2 machine and we had no problems. This only started to happen when we moved to ISPConfig 3
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig 2 has no security options like open_basedir. The problem is either caused by a wrong open_baesdir setting or wrong file permissions.

    Please post the output of:

    ls -la /var/www/awesome.com.pt/

    and the content of the awesome.com.pt vhost file and the fcgi starter file of this website.
     
  17. awd.pt

    awd.pt Member

    Good morning,
    here it goes

    Code:
    [[email protected] ~]# ls -l /var/www/awesome.com.pt/
    total 16
    drwxr-x--x  2 web24 client3 4096 Feb  2 11:24 cgi-bin
    lrwxrwxrwx  1 web24 client3   39 Feb 15 07:44 log -> /var/log/ispconfig/httpd/awesome.com.pt
    drwxr-x--x  2 web24 client3 4096 Mar 11 15:35 ssl
    drwxrwxrwx  2 web24 client3 4096 Apr  7 09:23 tmp
    drwx--x--- 11 web24 client3 4096 Mar 27 15:16 web
    Code:
    [[email protected] web24]# cat .php-fcgi-starter
    #!/bin/sh
    PHPRC="/var/www/conf/web24"
    export PHPRC
    PHP_DOCUMENT_ROOT="/var/www/clients/client3/web24"
    export PHP_DOCUMENT_ROOT
    # The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache
    # mod_fcgi will control the number of childs themself and never use the additional processes.
    # PHP_FCGI_CHILDREN=8
    # export PHP_FCGI_CHILDREN
    PHP_FCGI_MAX_REQUESTS=5000
    export PHP_FCGI_MAX_REQUESTS
    exec /usr/bin/php-cgi \
     -d open_basedir="/var/www/clients/client3/web24/web/:/var/www/clients/client3/web24/tmp/:/var/www/awesome.com.pt/web/:/sr  v/www/awesome.com.pt/web/:/usr/share/php5/:/tmp:/usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/" \
    -d upload_tmp_dir=/var/www/clients/client3/web24/tmp \
    -d session.save_path=/var/www/clients/client3/web24/tmp \
     
  18. till

    till Super Moderator Staff Member ISPConfig Developer

    Da ist irgendwo ein Leerzeichen in Deinem open_basedir. Korriguier das bitte mal in ispconfig:

    /sr v/www/awesome.com.pt/web/
     
  19. awd.pt

    awd.pt Member

    sorry that was a copy-paste bug, there's no blank space there
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to add :/tmp to the open basedir.
     

Share This Page