[BlueOnyx:10393] Re: open_basedir restriction in effect. FIXED?

Gerald Waugh gwaugh at frontstreetnetworks.net
Sat Apr 28 11:35:33 -05 2012 

On 04/28/2012 10:13 AM, DD wrote:
> OK, I think this is working now.
> 
>  
> 
> To run a PHP script from the command line, it transpires that not only
> must your script and its files be in a permitted location, but you must
> also CD to that location (even as root) before launching PHP.
> 
>  
> 
> I created a file at /home/.sites/70/site4/cron/test.cron which contains:
> 
>  
> 
>   #!/bin/bash
> 
>   cd /home/.sites/70/site4/
> 
>   php -d
> open_basedir=/tmp/:/var/lib/php/session/:/usr/sausalito/configs/php/:/home/.sites/70/site4/
> /home/.sites/70/site4/test.php
> 
>  
> 
> It is chmod 777 and owned by root. All paths are required for
> open_basedir - not just the one your script lives in.
> 
>  
> 
> I use the following in /etc/crontab to start it:
> 
>  
> 
>   */5 * * * * root
> /home/sites/upload.engweld.co.uk/cron/update_products.cron
> 
>  
> 
> Many thanks to all who commented, and to Stephanie who contacted me
> off-list. This was something I needed working before I can consider my
> own upgrade to 5108R so I'm glad to have found a solution.
> 
>  
> 
> (now, who's going to be first to point out the glaring security hole
> I've opened here? J)
> 
>  
> 
>  
> 
>  
> 
> Dick Dolby
> 
>  
> 
>  
> 
> *From:*blueonyx-bounces at mail.blueonyx.it
> [mailto:blueonyx-bounces at mail.blueonyx.it] *On Behalf Of *Stephanie Sullivan
> *Sent:* 28 April 2012 14:32
> *To:* 'BlueOnyx General Mailing List'
> *Subject:* [BlueOnyx:10389] Re: open_basedir restriction in effect.
> 
>  
> 
> DD,
> 
>  
> 
> Did you try setting the user to the user that uploaded the files? Also
> you can specify the php.ini file to use:
> 
>  
> 
> /usr/bin/php –c <path to config> <script>
> 
>  
> 
> This way you can use a specific php.ini for a given command line instance.
> 
>  
> 
> For all the command line options try /usr/bin/php –h or man php.
> 
>  
> 
>                 Thanks,
> 
>                                 -Stephanie
> 
>  
> 
>  
> 
>  
> 
> *From:*Dudi Goldenberg [mailto:dudi at kolcore.com]
> <mailto:[mailto:dudi at kolcore.com]>
> *Sent:* Saturday, April 28, 2012 5:31 AM
> *To:* BlueOnyx General Mailing List
> *Subject:* [BlueOnyx:10388] Re: open_basedir restriction in effect.
> 
>  
> 
> The error msg is complaining about the root path (/) – which is indeed
> not in the allowed path list.
> 
>  
> 
> I suspect that your script is trying to access the root path, perhaps
> due to relative path(s) in it.
> 
>  
> 
> I'd try to modify the script to use absolute path instead and try again.
> 
>  
> 
> D.
> 
>  
> 
> PHP Warning: realpath(): open_basedir restriction in effect. File(/) is
> not within the allowed path(s):
> (/home/.sites/70/site4/:/tmp/:/var/lib/php/session/:/usr/sausalito/configs/php/)
> in /home/.sites/70/site4/test.php on line 3
> 
>  
> 
> So even though I explicitly listed /home/.sites/70/site4/ as a permitted
> folder, it's not working.
> 
>  
> 
> If I change /etc/crontab to use the "#!/usr/bin/php" trick that D
> mentioned, I get:
> 
>  
> 
> PHP Warning: realpath(): open_basedir restriction in effect. File(/) is
> not within the allowed path(s):
> (/tmp/:/var/lib/php/session/:/usr/sausalito/configs/php/) in
> /home/.sites/70/site4/test.php on line 3 
> 
>  

chmod 755 may be preferable.
You don't want just anybody writing the file

-- 
Gerald

More information about the Blueonyx mailing list