[BlueOnyx:10391] Re: open_basedir restriction in effect. FIXED?

[Stephanie Sullivan]

DD,

 

I think you have a small syntax error:

  php -d
open_basedir=/tmp/:/var/lib/php/session/:/usr/sausalito/configs/php/:/home/.
sites/70/site4/ /home/.sites/70/site4/test.php

 

should be:

  php -d
open_basedir=/tmp/:/var/lib/php/session/:/usr/sausalito/configs/php/:/home/.
sites/70/site4/:/home/.sites/70/site4/test.php

 

But I'd bet if the last part were omitted (:/home/.sites/70/site4/test.php)
it would still work.

 

                Thanks,

                                -Stephanie

 

 

 

 

From: DD [mailto:bqlist at distortal.com] 
Sent: Saturday, April 28, 2012 11:14 AM
To: 'BlueOnyx General Mailing List'
Subject: [BlueOnyx:10390] Re: open_basedir restriction in effect. FIXED?

 

OK, I think this is working now.

 

To run a PHP script from the command line, it transpires that not only must
your script and its files be in a permitted location, but you must also CD
to that location (even as root) before launching PHP.

 

I created a file at /home/.sites/70/site4/cron/test.cron which contains:

 

  #!/bin/bash

  cd /home/.sites/70/site4/

  php -d
open_basedir=/tmp/:/var/lib/php/session/:/usr/sausalito/configs/php/:/home/.
sites/70/site4/ /home/.sites/70/site4/test.php

 

It is chmod 777 and owned by root. All paths are required for open_basedir -
not just the one your script lives in.

 

I use the following in /etc/crontab to start it:

 

  */5 * * * * root
/home/sites/upload.engweld.co.uk/cron/update_products.cron

 

Many thanks to all who commented, and to Stephanie who contacted me
off-list. This was something I needed working before I can consider my own
upgrade to 5108R so I'm glad to have found a solution.

 

(now, who's going to be first to point out the glaring security hole I've
opened here? J )

 

 

 

Dick Dolby

 

 

From: blueonyx-bounces at mail.blueonyx.it
[mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of Stephanie Sullivan
Sent: 28 April 2012 14:32
To: 'BlueOnyx General Mailing List'
Subject: [BlueOnyx:10389] Re: open_basedir restriction in effect.

 

DD,

 

Did you try setting the user to the user that uploaded the files? Also you
can specify the php.ini file to use:

 

/usr/bin/php -c <path to config> <script>

 

This way you can use a specific php.ini for a given command line instance.

 

For all the command line options try /usr/bin/php -h or man php.

 

                Thanks,

                                -Stephanie

 

 

 

From: Dudi Goldenberg [mailto:dudi at kolcore.com] 
Sent: Saturday, April 28, 2012 5:31 AM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:10388] Re: open_basedir restriction in effect.

 

The error msg is complaining about the root path (/) - which is indeed not
in the allowed path list.

 

I suspect that your script is trying to access the root path, perhaps due to
relative path(s) in it.

 

I'd try to modify the script to use absolute path instead and try again.

 

D.

 

PHP Warning: realpath(): open_basedir restriction in effect. File(/) is not
within the allowed path(s):
(/home/.sites/70/site4/:/tmp/:/var/lib/php/session/:/usr/sausalito/configs/p
hp/) in /home/.sites/70/site4/test.php on line 3

 

So even though I explicitly listed /home/.sites/70/site4/ as a permitted
folder, it's not working.

 

If I change /etc/crontab to use the "#!/usr/bin/php" trick that D mentioned,
I get:

 


PHP Warning: realpath(): open_basedir restriction in effect. File(/) is not
within the allowed path(s):
(/tmp/:/var/lib/php/session/:/usr/sausalito/configs/php/) in
/home/.sites/70/site4/test.php on line 3 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20120428/1085a785/attachment.html>