Nginx – Can php-fpm support open_basedir set dynamically for multiple virtual hosts with a single user pool

fastcgi nginx open-basedir php-fpm

I am running into a problem where trying to set open_basedir dynamically under nginx (and apache) for php-fpm is "bleeding through" to other vhosts when running php-fpm as user "nobody" (for legacy reasons).

Using

fastcgi_param PHP_ADMIN_VALUE "open_basedir=/home/mike/htdocs";

and

fastcgi_param PHP_ADMIN_VALUE "open_basedir=/home/adam/htdocs";

etc. where appropriate for each virtual host (php 5.3.20)

phpinfo shows the correct open_basedir being set, but eventually (rather quickly) I start to get errors thrown where one of the virtual hosts will run into the wrong open_basedir, trying to execute a program for "mike" but having the open_basedir for "adam".

Since fastcgi_param is basically just setting the environment for php-fpm, what I think is happening is the same worker will get its environment changed while it's still processing a php file.

Somehow servers like litespeed which also use a fastcgi php process (running as nobody) get this right and work correctly with open_basedir being able to be set externally without "bleeding" between virtualhosts.

So I am wondering if there is a trick or workaround I can use to keep running as "nobody" and preserving the environment between vhosts.

I should note I am using unix sockets and not tcp/ip but I don't think that makes a difference.

Best Answer

I found a mention of the same problem here:

http://forum.nginx.org/read.php?3,234856

They said they were able to work around it by using the new [host=xyz.xyz] directive for php.ini which was made available after 5.3.

The php.net manual shows a comment warning this does not work properly with php-fpm, but that comment is two years old and may have been resolved.

http://php.net/manual/en/ini.sections.php#101689
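
A check for the setup described in the question, as an added example that is not part of the original post or answer: it lists php-fpm sockets that receive different open_basedir values from different nginx server blocks, which is the arrangement where the question reports bleed-through. The hostnames, socket paths and the simplified brace-counting parser (no include, comment or quoted-brace handling) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample config: two vhosts share one php-fpm socket, a third has its own.
SAMPLE_CONF = r'''
server { server_name mike.example.com;
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_param PHP_ADMIN_VALUE "open_basedir=/home/mike/htdocs";
    }
}
server { server_name adam.example.com;
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_param PHP_ADMIN_VALUE "open_basedir=/home/adam/htdocs";
    }
}
server { server_name eve.example.com;
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm-eve.sock;
        fastcgi_param PHP_ADMIN_VALUE "open_basedir=/home/eve/htdocs";
    }
}
'''

def server_blocks(conf):
    """Yield the body of each `server { ... }` block by counting braces."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def shared_pool_conflicts(conf):
    """Return {fastcgi_pass target: {vhost: open_basedir}} for targets given >1 distinct value."""
    pools = defaultdict(dict)
    for body in server_blocks(conf):
        name = re.search(r'server_name\s+([^;\s]+)', body)
        target = re.search(r'fastcgi_pass\s+([^;\s]+)', body)
        basedir = re.search(r'PHP_ADMIN_VALUE\s+"[^"]*open_basedir=([^";\n]+)', body)
        if target and basedir:
            pools[target.group(1)][name.group(1) if name else '?'] = basedir.group(1)
    return {t: v for t, v in pools.items() if len(set(v.values())) > 1}

if __name__ == "__main__":
    for target, vhosts in shared_pool_conflicts(SAMPLE_CONF).items():
        print(target, "receives differing open_basedir values:", vhosts)
```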