|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2005-06-01 23:01 UTC] soenke at city-map dot de
Description: ------------ I discovered the strange behaviour of PHP4 that the open_basedir settings of several vhosts are leaking between each other. PHP configure line: './configure' \ '--with-apxs2=/usr/sbin/apxs' \ '--prefix=/usr' \ '--with-mysql=/usr' \ '--enable-safe-mode' \ '--enable-trans-sid' \ '--with-jpeg-dir=/usr' \ '--with-gd' \ '--with-zlib-dir=/usr' \ '--with-freetype-dir=/usr' \ Apache line: "./configure" \ "--enable-layout=RedHat" \ "--enable-mods-shared=most" \ "--enable-module=ssl" \ "--enable-ssl" \ "--with-ssl=/usr" \ "--enable-so" \ It's a mass-hosting Apache 2.0.54 server with many vhosts running the confixx tool. Here an example of 2 vhosts (generated by confixx): <VirtualHost xxx:80> ServerName xxx.de ServerAlias xxxx DocumentRoot /usr/local/httpd/htdocs/web405/html SuexecUserGroup web405 web405 php_admin_value open_basedir /usr/local/httpd/htdocs/web405/html/:/usr/local/httpd/htdocs/web405/phptmp/:/usr/local/httpd/htdocs/web405/files/:/usr/local/httpd/htdocs/web405/atd/ php_admin_value file_uploads 1 php_admin_value upload_tmp_dir /usr/local/httpd/htdocs/web405/phptmp/ </VirtualHost> <VirtualHost xxx:80> ServerName xxx ServerAlias xxx DocumentRoot /usr/local/httpd/htdocs/web309/html SuexecUserGroup web309 web309 php_admin_value open_basedir /usr/local/httpd/htdocs/web309/html/:/usr/local/httpd/htdocs/web309/phptmp/:/usr/local/httpd/htdocs/web309/files/:/usr/local/httpd/htdocs/web309/atd/ php_admin_value file_uploads 1 php_admin_value upload_tmp_dir /usr/local/httpd/htdocs/web309/phptmp/ <Directory "/usr/local/httpd/htdocs/web309/html/rsh"> Options FollowSymLinks SymLinksIfOwnerMatch </Directory> </VirtualHost> The /usr/local/httpd/htdocs path is a real directory, no symlinks. Now I open one of these virtual hosts via web-browser. That works. But if I try to open the second vhost: Warning: Unknown(): open_basedir restriction in effect. File(/usr/local/httpd/htdocs/web405/html/index.php) is not within the allowed path(s): (/usr/local/httpd/htdocs/web309/html/:/usr/local/httpd/htdocs/web309/phptmp/:/usr/local/httpd/htdocs/web309/files/:/usr/local/httpd/htdocs/web309/atd/) in Unknown on line 0 Warning: Unknown(/usr/local/httpd/htdocs/web405/html/index.php): failed to open stream: Operation not permitted in Unknown on line 0 Warning: (null)(): Failed opening '/usr/local/httpd/htdocs/web405/html/index.php' for inclusion (include_path='.') in Unknown on line 0 The second vhost uses the open_basedir settings from the first one. That's really strange. I tested this with PHP4.3.10/11 and the latest CVS snapshot. I upgraded the Fedora distribution and recompiled Apache+PHP. No success. Now I really didn't know what to do any more and so opened this bug report. If you need more information or debugging it's no problem since it's no production system yet. PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 06 16:00:01 2025 UTC |
Got it: It's somehow related to safe_mode. I hat the safe_mode directives in an Apache <Directory> directive: <Directory /usr/local/httpd/htdocs> php_admin_flag safe_mode_gid On php_admin_flag safe_mode On </Directory> That does _NOT_ work. After commenting out the the <Directory> like this: #<Directory /usr/local/httpd/htdocs> php_admin_flag safe_mode_gid On php_admin_flag safe_mode On #</Directory> it works. Now the PHP flags are in the global Apache config. But that's a strange behaviour, too, isn't it?