Nginx – how to add an open_basedir path in nginx vhost

In php.ini I've set

open_basedir = /home/user/web/

Now I would like to run phppgadmin on a subdomain which needs to include files from /usr/share/phppgadmin.
So I added the following line to the nginx-config for this host:

fastcgi_param PHP_VALUE open_basedir="/home/user/web/:/usr/share/phppgadmin/";

and restarted nginx. However, I can't access the site because of following error:

[error] 31440#0: *1 FastCGI sent in stderr: "PHP Warning: include_once(): open_basedir restriction in effect. File(/usr/share/phppgadmin/libraries/lib.inc.php) is not within the allowed path(s): (/home/user/web/) in /usr/share/phppgadmin/info.php on line 10

What could be the reason that the 2nd path isn't listed here? What else do I need to add an open_basedir to a virtual host? I only used the default file in /sites-available.

edit Always think of restarting fpm…

service php5-fpm restart

Best Answer

For your particular situation, you should consider just adding /usr/share to the default open_basedir, since anything in there is designed to be read by the world anyway.

Plus, open_basedir is easily circumvented unless you have locked down shell_exec, exec, system and similar PHP functions so don't consider secured for using it (I know, it sucks).

If you're wondering how you can circumvent it easily, you can just system('php -n ascript.php');. The -n will cause no PHP.ini to be read, so no open_basedir will be applied.

Best Answer

Related Solutions

Php – Getting “open_basedir restriction in effect” in spite of adding the correct entry

Ubuntu – Securing PHP via open_basedir based on script path

Related Topic