In php.ini I've set
open_basedir = /home/user/web/
Now I would like to run phppgadmin on a subdomain which needs to include files from /usr/share/phppgadmin.
So I added the following line to the nginx-config for this host:
fastcgi_param PHP_VALUE open_basedir="/home/user/web/:/usr/share/phppgadmin/";
and restarted nginx. However, I can't access the site because of following error:
[error] 31440#0: *1 FastCGI sent in stderr: "PHP Warning: include_once(): open_basedir restriction in effect. File(/usr/share/phppgadmin/libraries/lib.inc.php) is not within the allowed path(s): (/home/user/web/) in /usr/share/phppgadmin/info.php on line 10
What could be the reason that the 2nd path isn't listed here? What else do I need to add an open_basedir to a virtual host? I only used the default file in /sites-available.
edit Always think of restarting fpm…
service php5-fpm restart
Best Answer
For your particular situation, you should consider just adding
/usr/share
to the defaultopen_basedir
, since anything in there is designed to be read by the world anyway.Plus,
open_basedir
is easily circumvented unless you have locked downshell_exec
,exec
,system
and similar PHP functions so don't consider secured for using it (I know, it sucks).If you're wondering how you can circumvent it easily, you can just
system('php -n ascript.php');
. The-n
will cause no PHP.ini to be read, so noopen_basedir
will be applied.