[BlueOnyx:26171] Re: BlueOnyx 5210R/5211R "open_basedir" can be set to "none" now

Michael Stauber mstauber at blueonyx.it
Sat Apr 29 20:36:11 -05 2023 

Hi Brian,

> Ran into an issue I believe after the update.
> WHMCS says it wants to run the following, which has been working for a long time until within the last 24 hours (I think around 4-5 when I write this).
 >
> /usr/bin/php -q /home/.sites/site3/wwwroot/web/portal/crons/cron.php
> 
> Via SSH root account, I get the following:
> [root@<servername> ~]# /usr/bin/php -q /home/.sites/site3/wwwroot/web/portal/crons/cron.php
> PHP Warning:  require_once(): open_basedir restriction in effect. File(/home/.sites/site3/wwwroot/web/portal/crons/bootstrap.php) is not within the allowed path(s): (/tmp/:/usr/sausalito/configs/php/:/var/lib/php/session/) in /home/.sites/site3/wwwroot/web/portal/crons/cron.php on line 0
> PHP Warning:  require_once(/home/.sites/site3/wwwroot/web/portal/crons/bootstrap.php): failed to open stream: Operation not permitted in /home/.sites/site3/wwwroot/web/portal/crons/cron.php on line 0
> PHP Fatal error:  require_once(): Failed opening required '/home/.sites/site3/wwwroot/web/portal/crons/bootstrap.php' (include_path='.:/usr/share/pear:/usr/share/php') in /home/.sites/site3/wwwroot/web/portal/crons/cron.php on line 0


There is no way for a cronjob to know which Vsite it belongs to. And 
therefore it runs with the default php.ini for whatever PHP version (OS 
or shop) you are using. And that php.ini does have restrictive 
open_basedir settings.

But there is a way around that. Modify your cronjob to set a 
'open_basedir=none' on the commandline:

/usr/bin/php -d open_basedir='none' my-script.php

... or ...

/home/solarspeed/php-<version>/bin/php -d open_basedir='none' my-script.php

So in your case it would be this:

/usr/bin/php -d open_basedir='none' -q 
/home/.sites/site3/wwwroot/web/portal/crons/cron.php

That should do the trick.

Or if you want it to be restrictive, assemble a correct open_basedir for 
your usage case like this:

/usr/bin/php -d 
open_basedir='/tmp/:/usr/sausalito/configs/php/:/var/lib/php/session/:/home/.sites/site3/' 
-q /home/.sites/site3/wwwroot/web/portal/crons/cron.php

That then limits this PHP cronjob to the above defined directories and 
this one includes the root directory of the Vsite, which is missing if 
you run with the 'open_basedir' settings of the php.ini alone.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list