• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Open basedir problem

E

Erwan

Regular Pleskian
Hello,

We have deux websites we must exchange data on Plesk Onyx.
Until today, there was no problem for a site to access informations/files of the second and vice versa.
Two websites were with PHP 5.3.3 by OSVendor.

Today, we upgraded the first website to PHP 5.6.
Everything works except for access to files from the second site. There is an open_basedir restriction.

mod_fcgid: stderr: PHP Warning: is_file(): open_basedir restriction in effect. File(/var/www/vhosts/website1/httpdocs/app/../../../website2/httpdocs/cata/1860-AFpBFTRXVn/cata.pdf) is not within the allowed path(s): (/var/www/vhosts/website1/httpdocs/:/var/www/vhosts/website2/httpdocs/:/tmp) in /var/www/vhosts/website1/httpdocs/web/thefile/ on line 72, referer: https://website1/work/?t=3

But i don't why? All seems to be ok for open_basedir:
For the first website:
/var/www/vhosts/website1/httpdocs/:/var/www/vhosts/website2/httpdocs/:/tmp
For the second website:
/var/www/vhosts/website1/httpdocs/:/var/www/vhosts/website2/httpdocs/:/tmp

Safe_mode is off for the two websites.

The problem now persists when I return to the PHP 5.3.3.
So please help me?
 
Last edited:
Hi,

I'm not sure exactly.

"/var/www/vhosts/website1/httpdocs/app/../../../website2/httpdocs/cata/1860-AFpBFTRXVn/cata.pdf" => "/var/www/vhosts" + "/website2/httpdocs/cata/1860-AFpBFTRXVn/cata.pdf", but "/var/www/vhosts" not in open_basedir. Maybe something was changed in PHP since 5.3.3.

Could you write path to file without "../", just "/var/www/vhosts/website2/httpdocs/cata/1860-AFpBFTRXVn/cata.pdf"?
 
One more thing:

"/var/www/vhosts/website1/httpdocs/app/../../../website2/" not equal "/var/www/vhosts/website2/" as string.
 
It worked previously with ../
It's the same result with "/var/www/vhosts/website2/httpdocs/cata/1860-AFpBFTRXVn/cata.pdf"...


I'm going to be crazy....
 
Is there anything other than "open_basedir" as restriction?

We no longer have the error message but can not access to the file... while the path is good
 
Do you see any messages in logs while try get access to file?

/var/log/nginx/*
/var/log/httpd/*
/var/log/php-fpm/*
/var/log/plesk-php56-fpm/*
 
AYamshanov,

Nothing about this problem in theses logs.

I've disable open_basedir restriction on the two websites.
I no longer have the error message Warning: is_file(): open_basedir restriction in effect.
But does not find the file.

I've made this simple script that i've put on the two websites:

<?php
$rep = '/var/www/vhosts/website2/httpdocs/file2.php';
if(is_file($rep)){
die("ok");
}else{
echo("No file");
}

==> "No file" when i call the website1 script
==> "Ok" when i call the website2 script

I do not know what to test...
 
I have reproduced the problem.

Could you look at permissions of "/var/www/vhosts/website2/" and "/var/www/vhosts/website2/httpdocs/".

php-fpm for website1 configured with something parameters like this (/etc/php-fpm.d/website1.conf):
user = website1
group = psacln

Permissions for website2 and website2/httpdocs looks like:
drwx--x--- 5 website2 psaserv 4096 Feb 28 11:36 website2
drwxr-x--- 5 website2 psaserv 4096 Feb 28 11:36 website2/httpdocs

So, just no file system permissions.
 
I'm not sure to understand.
Permissions are:

drwx--x--- 15 ftpweb9 psaserv 4096 27 fevr. 13:39 website1
drwxr-x--- 8 ftpweb9 psaserv 4096 27 fevr. 13:38 website1/httpdocs
drwx--x--- 5 ftpweb10 psaserv 4096 18 avril 2016 website2
drwxr-x--- 6 ftpweb10 psaserv 4096 28 fevr. 10:31 website2/httpdocs

But i don't have something like that /etc/php-fpm.d/website1.conf. Only /etc/php.d/ directory.
I've /opt/plesk/php/5.6/etc/php-fpm.d directory but it's empty.
 
Yes, you need add read permission for owner of website1 to directory of website2. I did it only for test by command "chmod a+rx website2 website2/httpdocs" but it's not secure because this allow read "website2" and "website2/httpdocs" for anyone on server.
 
chmod a+rx website2 website2/httpdocs

There isn't another solution?
Why we don't have problem before (since 1 year)?

The only thing we change is the PHP 5.3.3 ==> 5.6.
When we return to 5.3.3, the problem still here.
 
Last edited:
You must log in or register to reply here.

Similar threads

S
Question Help access subdomain images from primary domain
Replies
3
Views
2K
SkyB
S
N
Issue NGINX FastCGI Cache open_basedir restriction bug?
Replies
1
Views
1K
Peter Debik
P
LionKing
Issue PHP Warning: Unknown: open_basedir restriction in effect
Replies
8
Views
4K
Peter Debik
P
N
Question open_basedir issue with borlabs cookie
Replies
3
Views
849
Peter Debik
P
X
Issue AH01071: Got error 'PHP message: PHP Warning:
Replies
7
Views
13K
XTech
X
Back
Top