php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22220 "php_admin_value open_basedir none" does not work
Submitted: 2003-02-14 04:03 UTC Modified: 2003-02-15 17:24 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: root at mediamonks dot net Assigned:
Status: Closed Package: Apache related
PHP Version: 4.3.0 OS: FreeBSD 4.7-STABLE
Private report: No CVE-ID: None
 [2003-02-14 04:03 UTC] root at mediamonks dot net
I have this in my php.ini as default:

open_basedir = /var/www

I have a virtualhost block like this:

<VirtualHost 192.168.0.1>
  ServerName "host.example.com"
  DocumentRoot "/var/www/host.example.com/root"
  <Directory "/var/www/host.example.com/root/admin">
    Options Indexes ExecCgi
    php_admin_value safe_mode 0
    php_admin_value open_basedir "/"
  </Directory>
</VirtualHost>

The goal is to force a default open_basedir of "/var/www" to everything, except the explicitly specified /admin directory and contents (same with safe_mode).

First, I read that setting the open_basedir to "/" doesn't work anymore in http://bugs.php.net/bug.php?id=22101. Seems kinda weird as the documentation states:

[The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/"]

But besides that, specifying 'none' as open basedir in the virtualhost doesn't turn it off, it uses the default of /var/www, and I haven't found a way to set the open_basedir to NULL.

So, as I see it either the 'none' setting isn't working correctly and needs to be fixed or the possibility of setting the open_basedir to "/" needs to be put back in.

Unless I'm overseeing some very trivial way of turning the open_basedir restriction off of course.

Thanks in advance.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-02-14 04:26 UTC] cmouse at quakenet dot org
Hmm
it works for my system

open_basedir = '/www'; in php.ini
and in apache <directory> directive i have
php_admin_value open_basedir none
which works grand. did you try actually acessing a file outside the docroot?
 [2003-02-14 08:36 UTC] iliaa@php.net
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. Because of this, we hope you add your comments
to the existing bug instead.

Thank you for your interest in PHP.

First of all open_basedir of '/' is rather meaningless since it allows opening of every file anyway. Secondly the open_basedir problems especially in FreeBSD enviroment should be convered in bug report #19292.
 [2003-02-15 13:02 UTC] root at mediamonks dot net
Actually, I added a comment to 19292 about my problem and it was deleted as not being appropriate there.

I am not having trouble with random open_basedir errors, I'm having one simple problem.

I have a default open_basedir of '/var/www/' in my php.ini and I used to turn off ('allow all files to be opened') for a particular vhost by setting open_basedir to '/'.

Whether this wastes resources I don't know and actually I don't care too, because it does what I want.

Starting with 4.3.0 I can't use '/' as open_basedir anymore for some reason, and imo it wasn't thought about properly because it creates contradictory error messages like:

[Warning: Unknown(): open_basedir restriction in effect. File(/var/www/host.example.com/root/admin/phpinfo.php) is not within the allowed path(s): (/) in Unknown on line 0]

But I couldn't care less if there was an equivalent for setting open_basedir to '/'. Because all I need is to turn off open_basedir for a particular vhost.

And I tried setting open_basedir to none, 'none' and "none", but this just leaves the default of '/var/www' in effect.

So I'm guessing that the 'none' setting isn't working properly as I would think that it should turn off the open_basedir restriction for the vhost.
 [2003-02-15 13:18 UTC] sniper@php.net
So this bug's summary should be:

"'php_admin_value open_basedir none' does not work"

???

 [2003-02-15 13:20 UTC] sniper@php.net
I tested that now, and indeed, it doesn't work.

 [2003-02-15 13:36 UTC] root at mediamonks dot net
As there's nothing I can find in the documentation about the 'none' setting I don't know wheter it should turn off the open_basedir or should inherit the default.

Both make sense, but if it's the latter then there's no way to turn the open_basedir restriction off, other than '/'.
 [2003-02-15 14:24 UTC] sniper@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 10:01:29 2024 UTC