• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

PHP-FPM: Can't create files outside of vhost's root-dir (open_basedir not working properly)

S

Sommerzeit

New Pleskian
Hi there :)

I'm trying to do a simple mkdir() in PHP outside of the vhosts root-dir (e.g. instead of creating a folder in "/var/www/vhosts/example.com" I want to create it in "/var/www/vhosts/other-vhost.com/static"). I've come to face two major problems:

1. I added the folder I want to create files inside (e.g. /var/www/vhosts/other-vhost.com/static) to the open_basedir-list. PHP recognized the change (phpinfo() listed the new open_basedir-entry), but the access to the folder was still restricted as if I had not changed the open_basedir-list (same restriction-error as before):
Code: 
mkdir(): open_basedir restriction in effect. File(/var/www/vhosts/other-vhost.com/static/some_dir) is not within the allowed path(s): (/var/www/vhosts/example.com/:/tmp/:/var/www/vhosts/other-vhost.com/static/)
Adding the folder to the open_basedir-list was working when I ran my script on an older server using php 5.3 as an apache-module on Plesk 11.5

2. Then I set open_basedir to none. Now I'm only getting a "mkdir(): Permission denied" warning. The thing is: I set the chmod to 777 and even chowned the folder to the user php-fpm should be using (it is using the system user as assigned by plesk, isn't it?). Permission is still denied.

Currently I'm using PHP 5.6.13 (run as PHP-FPM handled by apache) on Debian 8.2 with Plesk 12.5. Creating files/folders inside the vhosts-root-dir is working like a charm.

Is there any other php/apache/linux-security-obstacle I have to bypass to make this work?

Example:
Plesk system user: example-user

.php-File:
Code: 
/var/www/vhosts/example.com/httpdocs # ls -l
-rw-r--r-- 1 example-user psacln 1806 Oct 19 13:26 index.php

And I'm trying to write in this folder ("static"):
Code: 
/var/www/vhosts/other-vhost.com # ls -l
drwxr-xr-x 6 example-user psacln  4096 Oct 19 11:31 static

/etc/php5/fpm/pool.d/example.com.conf (with open_basedir)
Code: 
[example.com]
; Don't override following options, they are relied upon by Plesk internally
prefix = /var/www/vhosts/system/$pool
user = example-user
group = psacln

listen = php-fpm.sock
listen.owner = root
listen.group = psaserv
listen.mode = 0660

; Following options can be overridden
chdir = /

; By default use ondemand spawning (this requires php-fpm >= 5.3.9)
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
; Following pm.* options are used only when 'pm = dynamic'
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1

; Uses for log facility
; If php_value[error_log] is not defined error output will be send for nginx
catch_workers_output = yes

; php.ini custom configuration directives
php_value[max_execution_time] = 60
php_value[display_errors] = on
php_value[max_input_time] = 60
php_value[open_basedir] = "/var/www/vhosts/example.com/:/tmp/:/var/www/vhosts/other-vhost.com/static/"
php_value[error_reporting] = 32759
 
Last edited:
You must log in or register to reply here.

Similar threads

LionKing
Issue PHP Warning: Unknown: open_basedir restriction in effect
Replies
8
Views
7K
Peter Debik
P
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
1K
Raul A.
R
N
Question open_basedir issue with borlabs cookie
Replies
3
Views
2K
Peter Debik
P
Hangover2
Resolved Disabled PHP "Hosting performance settings management" can be bypassed by using .user.ini or ini_set()
Replies
19
Views
6K
Hangover2
Hangover2
brother4
Issue Intermittent 503 Errors on Plesk Obsidian (Ubuntu 22.04 LTS) with PHP-FPM Crashes - Seeking Advice
Replies
3
Views
13K
brother4
brother4
Back
Top