| Author |
|
tc1415
Joined: 07 May 2006
Posts: 6
|
 Posted: Tue 23 May '06 9:07 Post subject: OpenBaseDir in PHP |
 |
|
Hi,
Not sure if this is coding or not but it seems the best place to ask -
Is this the way its supposed to work, or is it a bug?
Setting openbasedir to c:\apache2.2\htdocs prevents reading the files in c:\apache2.2\htdocs, but allows viewing the directories etc., and thus setting it to c:\apache2.2 allows access to htdocs root, but also bin and conf etc. which I don't want.
The manuel says | Quote: | | this directory and below |
, now, unless I'm a bit mistaken either there is a bug in the code, or I'm reading the manuel wrong.
Thanks in advance |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Tue 23 May '06 18:28 Post subject: |
|
|
In php.ini
| Code: |
open_basedir = "C:/apache2.2/htdocs/"
|
Don't forget the " because they are needed to work under Windows.
| Quote: |
open_basedir string
Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.
When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink.
The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().
In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".
Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.
The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/"
Note: Support for multiple directories was added in 3.0.7.
The default is to allow all files to be opened.
|
|
|
| Back to top |
|
tc1415
Joined: 07 May 2006
Posts: 6
|
| Posted: Tue 23 May '06 21:34 Post subject: |
|
|
Thanks, working now  |
|
| Back to top |
|
DeliriumServers
Joined: 17 Jun 2006
Posts: 54
Location: H Town
|
| Posted: Thu 10 Aug '06 6:29 Post subject: mod_vd dynamic base directory? |
|
|
Is there a way to have a dynamic open_basedir so that each host would be limited to just their folder?
I'm running mod_vd so each host is created dynamically. Could open_basedir be set with some type of special variable for host, and would this work?
Thank you for your time,
delirium  |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Thu 10 Aug '06 10:47 Post subject: |
|
|
| Quote: |
In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".
|
php_admin_avlue open_basedir "C:\secondPath"
This hint was in my post above too  |
|
| Back to top |
|
DeliriumServers
Joined: 17 Jun 2006
Posts: 54
Location: H Town
|
| Posted: Thu 10 Aug '06 19:40 Post subject: confused |
|
|
| I'm confused, how would that set different open_basedir for each of my websites? |
|
| Back to top |
|
pnllan
Joined: 05 Dec 2005
Posts: 221
|
| Posted: Thu 10 Aug '06 21:26 Post subject: |
|
|
Delirium,
I do not think what you are wanting to do is possible. I could be wrong, but what does the PHP manual say about it.
Consider that what you are wanting to do is within the php.ini, so for the dynamic open_basedir to accuate - wouldn't you have to at least restart Apache. |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
| Posted: Thu 10 Aug '06 21:50 Post subject: |
|
|
| DeliriumServers wrote: | I'm running mod_vd so each host is created dynamically. Could open_basedir be set with some type of special variable for host, and would this work?
|
You want some thing like: per Vhost dynamically
php_admin_value open_basedir "x:/xxx/xxx/"
As far as I know this is not possible. A drawback of using mod_vhost_alias or mod_vd.
Steffen |
|
| Back to top |
|
DeliriumServers
Joined: 17 Jun 2006
Posts: 54
Location: H Town
|
| Posted: Fri 11 Aug '06 2:12 Post subject: |
|
|
hmmm
well thanks for the info! I really appreciate it!
-delirium |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Fri 11 Aug '06 9:05 Post subject: |
|
|
| Maybe it works with the mod_macro to create it dynamicly |
|
| Back to top |
|
DeliriumServers
Joined: 17 Jun 2006
Posts: 54
Location: H Town
|
| Posted: Mon 14 Aug '06 3:11 Post subject: |
|
|
but don't you still have to edit the httpd.conf file everytime you wanted to add a directory? from what I can tell mod macro just makes it so that you don't have to retype long entries, but you still have to edi the conf file.
-delirium |
|
| Back to top |
|
dio
Joined: 02 Jun 2007
Posts: 5
|
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
| Posted: Sun 03 Jun '07 12:18 Post subject: |
|
|
Dio,
I understand your request. But my policy is that I only primarly produce binaries of Apache2 en modules. And that I make it available without any changes to the original source-code.
Steffen |
|
| Back to top |
|
Jorge
Joined: 12 Mar 2006
Posts: 376
Location: Belgium
|
| Posted: Tue 05 Jun '07 8:07 Post subject: |
|
|
| James Blond wrote: | | Maybe it works with the mod_macro to create it dynamicly |
Yes it is possible that is what I do.
Raughtly I got a NewVHost macro that setups a http and dav vhost with the correct openbase dir and for the vhost. |
|
| Back to top |
|
