• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

PHP-FPM: Can't create files outside of vhost's root-dir (open_basedir not working properly)

Sommerzeit

New Pleskian
Hi there :)

I'm trying to do a simple mkdir() in PHP outside of the vhosts root-dir (e.g. instead of creating a folder in "/var/www/vhosts/example.com" I want to create it in "/var/www/vhosts/other-vhost.com/static"). I've come to face two major problems:

1. I added the folder I want to create files inside (e.g. /var/www/vhosts/other-vhost.com/static) to the open_basedir-list. PHP recognized the change (phpinfo() listed the new open_basedir-entry), but the access to the folder was still restricted as if I had not changed the open_basedir-list (same restriction-error as before):
Code:
mkdir(): open_basedir restriction in effect. File(/var/www/vhosts/other-vhost.com/static/some_dir) is not within the allowed path(s): (/var/www/vhosts/example.com/:/tmp/:/var/www/vhosts/other-vhost.com/static/)
Adding the folder to the open_basedir-list was working when I ran my script on an older server using php 5.3 as an apache-module on Plesk 11.5

2. Then I set open_basedir to none. Now I'm only getting a "mkdir(): Permission denied" warning. The thing is: I set the chmod to 777 and even chowned the folder to the user php-fpm should be using (it is using the system user as assigned by plesk, isn't it?). Permission is still denied.

Currently I'm using PHP 5.6.13 (run as PHP-FPM handled by apache) on Debian 8.2 with Plesk 12.5. Creating files/folders inside the vhosts-root-dir is working like a charm.

Is there any other php/apache/linux-security-obstacle I have to bypass to make this work?

Example:
Plesk system user: example-user

.php-File:
Code:
/var/www/vhosts/example.com/httpdocs # ls -l
-rw-r--r-- 1 example-user psacln 1806 Oct 19 13:26 index.php

And I'm trying to write in this folder ("static"):
Code:
/var/www/vhosts/other-vhost.com # ls -l
drwxr-xr-x 6 example-user psacln  4096 Oct 19 11:31 static

/etc/php5/fpm/pool.d/example.com.conf (with open_basedir)
Code:
[example.com]
; Don't override following options, they are relied upon by Plesk internally
prefix = /var/www/vhosts/system/$pool
user = example-user
group = psacln

listen = php-fpm.sock
listen.owner = root
listen.group = psaserv
listen.mode = 0660

; Following options can be overridden
chdir = /

; By default use ondemand spawning (this requires php-fpm >= 5.3.9)
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
; Following pm.* options are used only when 'pm = dynamic'
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1

; Uses for log facility
; If php_value[error_log] is not defined error output will be send for nginx
catch_workers_output = yes

; php.ini custom configuration directives
php_value[max_execution_time] = 60
php_value[display_errors] = on
php_value[max_input_time] = 60
php_value[open_basedir] = "/var/www/vhosts/example.com/:/tmp/:/var/www/vhosts/other-vhost.com/static/"
php_value[error_reporting] = 32759
 
Last edited:
Back
Top