PHP Security settings for websites?

Discussion in 'General' started by crypted, Jul 2, 2010.

  1. crypted

    crypted New Member

    Okay, I have been having a heck of a time trying to use automatic update with Wordpress. Finally, I'm realizing it has to do something with the settings for the PHP security on the websites.

    ISPConfig2 had the SAFEMODE setting which would screw stuff up, but this does not.

    Here's one of the errors:
    Warning: is_readable() [function.is-readable]: open_basedir restriction in effect. File(/var/www/clients/client1/web5/web/wp-content/advanced-cache.php) is not within the allowed path(s): (/var/www/clients/client1/web5/web:/var/www/clients/client1/web5/tmp:/var/www/areyouliberal.com/web:/srv/www/areyouliberal.com/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin) in /var/www/clients/client1/web5/web/wp-admin/includes/plugin.php on line 348

    I'm using Mod-PHP.

    Any thoughts on getting straight PHP operational without these restrictions?
     
  2. till

    till Super Moderator

    I run several wordpress sites on ispconfig, all work perfectly.

    Thats the reason why it does not work. The automatic update needs write permissions to the folders and mod_php is only used if applications shall not have write permissions to the folders.

    Chnage the php settings of the website to php-fcgi and enable the suexec checkbox. Then make sure that all files and folders in the "web§ folder of the website belong to the website user and group.
     
  3. crypted

    crypted New Member

    Almost resolved! Now, I can do updates, but I gain a new error:

    Warning: session_start() [function.session-start]: open(/var/www/clients/client1/web26/tmp/sess_ffa61689d606b9aa3ef614d4704eaa64, O_RDWR) failed: Permission denied (13) in /var/www/clients/client1/web26/web/wp-content/plugins/si-contact-form/si-contact-form.php on line 1068

    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/clients/client1/web26/web/wp-content/plugins/si-contact-form/si-contact-form.php:1068) in /var/www/clients/client1/web26/web/wp-content/plugins/si-contact-form/si-contact-form.php on line 1068

    Warning: Cannot modify header information - headers already sent by (output started at /var/www/clients/client1/web26/web/wp-content/plugins/si-contact-form/si-contact-form.php:1068) in /var/www/clients/client1/web26/web/wp-includes/pluggable.php on line 890

    Warning: Unknown: open(/var/www/clients/client1/web26/tmp/sess_ffa61689d606b9aa3ef614d4704eaa64, O_RDWR) failed: Permission denied (13) in Unknown on line 0

    Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/www/clients/client1/web26/tmp) in Unknown on line 0

    A support forum guru at Wordpress told me that it's a webhost problem:

    So what would cause that?
     
    Last edited: Jul 5, 2010
  4. crypted

    crypted New Member

    This only occurs with FAST-CGI and not Mod-PHP...
     
  5. till

    till Super Moderator

    This happens because you had switched from mod_php to fast-cgi without closing the browser of the website you are using and / or without clearing the session directory. Run:

    rm -f /var/www/clients/client1/web26/tmp/*

    to clear the session dir.
     
  6. crypted

    crypted New Member

    Seems to work perfect. Thanks man!!!!
     

Share This Page