php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #22181 open_basedir and virtual hosting
Submitted: 2003-02-12 00:30 UTC Modified: 2011-01-01 01:25 UTC
Votes:7
Avg. Score:4.7 ± 0.5
Reproduced:5 of 5 (100.0%)
Same Version:0 (0.0%)
Same OS:2 (40.0%)
From: dragos dot nitu at idilis dot ro Assigned: jani (profile)
Status: Closed Package: *General Issues
PHP Version: 4.3.0 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dragos dot nitu at idilis dot ro
New email:
PHP Version: OS:

 

 [2003-02-12 00:30 UTC] dragos dot nitu at idilis dot ro
In apache, using nameserver based mass virtual hosting, I can't set open_basedir per user/virtual host basis.
Solutions like php_admin_value .:/usr/lib/php didn't work for all users (../include).

The solution that I think of is to set open_basedir to something like ".:/var/www/*/:/usr/lib/php", where '*' will be replaced by the coresponded directory from the script path.
For example '/var/www/www.site.com/forum/index.php' should have open_basedir '/var/www/www.site.com/'.

I made an 'works for me patch' available here:
ftp://ftp.idilis.ro/linux/idilis/basedir.patch

However it wold be nice if this feature would be included in future php versions.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-11-22 13:45 UTC] creinig at sunsite dot dk
Similar problem here: We want to use php with apache2 
(mpm_worker) via fastcgi for a shared hosting setup. One 
solution to securing this is to use mod_suexec to create a 
separate pool of php instances per virtualhost. But that's 
eating tons of RAM. 
 
If open_basedir (and if possible also 
safe_mode_include_dir, safe_mode_exec_dir, include_path and 
upload_tmp_dir) would accept wildcards as described in the 
original requets, it would be possible to securely use one 
pool of php instances for all vhosts.
 [2011-01-01 01:25 UTC] jani@php.net
-Status: Open +Status: Closed -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: jani
 [2011-01-01 01:25 UTC] jani@php.net
It's PHP_INI_ALL nowadays.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 17:01:31 2024 UTC