Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
398 views
in Technique[技术] by (71.8m points)

security - How can I relax PHP's open_basedir restriction?

open_basedir limits the files that can be opened by PHP within a directory-tree.

I am storing several class libraries and configuration files outside of my web root directory. This way the web server does not make them publicly accessible. However when I try to include them from my application I get an open_basedir restriction error like this:

Warning: realpath() [function.realpath]: open_basedir restriction in effect. File(/var/www/vhosts/domain.tld/zend/application) is not within the allowed path(s): (/var/www/vhosts/domain.tld/httpdocs:/tmp) in /var/www/vhosts/domain.tld/httpdocs/index.php on line 5

My web root is here:

/var/www/vhosts/domain.tld/httpdocs

My libraries and configuration directory are here:

/var/www/vhosts/domain.tld/zend

What would be the best workaround to relax the open_basedir restriction so that the the directory tree under the domain folder becomes available to my application? I have a number of domains that I want to do this with, and I'm also obviously wary of creating security vulnerabilities.

Note: I am using CentOS, Apache, Plesk, and I have root ssh access to the server. And though this doesn't apply to Zend Framework directly, I am using it in this instance. So here is the inclusion from Zend's bootstrap:

define('APPLICATION_PATH', realpath(dirname(__FILE__) . '/../zend/application/'));
set_include_path(APPLICATION_PATH . '/../zend/library' . PATH_SEPARATOR . get_include_path());
Question&Answers:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You can also do this easily on a per-directory basis using the Apache (assuming this is your web server) configuration file (e.g. httpd.conf)

<Directory /var/www/vhosts/domain.tld/httpdocs>
php_admin_value open_basedir "/var/www/vhosts/domain.tld/httpdocs:/var/www/vhosts/domain.tld/zend"
</Directory>

you can also completely remove the restriction with

<Directory /var/www/vhosts/domain.tld/httpdocs>
php_admin_value open_basedir none
</Directory>

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...