22

open_basedir limits the files that can be opened by PHP within a directory-tree.

I am storing several class libraries and configuration files outside of my web root directory. This way the web server does not make them publicly accessible. However when I try to include them from my application I get an open_basedir restriction error like this:

Warning: realpath() [function.realpath]: open_basedir restriction in effect. File(/var/www/vhosts/domain.tld/zend/application) is not within the allowed path(s): (/var/www/vhosts/domain.tld/httpdocs:/tmp) in /var/www/vhosts/domain.tld/httpdocs/index.php on line 5

My web root is here:

/var/www/vhosts/domain.tld/httpdocs

My libraries and configuration directory are here:

/var/www/vhosts/domain.tld/zend

What would be the best workaround to relax the open_basedir restriction so that the directory tree under the domain folder becomes available to my application? I have a number of domains that I want to do this with, and I'm also obviously wary of creating security vulnerabilities.

Note: I am using CentOS, Apache, Plesk, and I have root ssh access to the server. And though this doesn't apply to Zend Framework directly, I am using it in this instance. So here is the inclusion from Zend's bootstrap:

define('APPLICATION_PATH', realpath(dirname(__FILE__) . '/../zend/application/'));
set_include_path(APPLICATION_PATH . '/../zend/library' . PATH_SEPARATOR . get_include_path());
blee

3 Answers

21

You can also do this easily on a per-directory basis using the Apache (assuming this is your web server) configuration file (e.g. httpd.conf):

<Directory /var/www/vhosts/domain.tld/httpdocs>
php_admin_value open_basedir "/var/www/vhosts/domain.tld/httpdocs:/var/www/vhosts/domain.tld/zend"
</Directory>

You can also completely remove the restriction with:

<Directory /var/www/vhosts/domain.tld/httpdocs>
php_admin_value open_basedir none
</Directory>
Tom Haigh
  • If the op is running Plesk he'll need to be slightly more special than that: http://www.toosweettobesour.com/2008/02/02/plesk-open_basedir-workaround/ – dcousineau Oct 21 '08 at 22:53
  • tom: Wouldn't removing the restriction entirely create a security vulnerability? dcousineau: thanks! – blee Oct 22 '08 at 00:09
  • Brian: You would only be removing the restriction for PHP files being run from /var/www/vhosts/domain.tld/httpdocs, but yes, the first option is better – Tom Haigh Oct 22 '08 at 08:16
  • php_admin_value open_basedir none solved my problem. Thanks – Alireza Saremi Apr 17 '19 at 04:49
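
For the several-domains case in the question, a check like the following can be run over the Apache configuration to catch a vhost where open_basedir was set to none or widened beyond its own domain folder. It is an added example, not part of the original answers; the sample config, the domain names and the /tmp allowance are assumptions, and it assumes the ':' separator used on this page.

```python
import posixpath
import re

# Constructed sample config: three vhosts, modelled on the directives above.
SAMPLE_CONF = """
<Directory /var/www/vhosts/a.example/httpdocs>
php_admin_value open_basedir "/var/www/vhosts/a.example/httpdocs:/var/www/vhosts/a.example/zend:/tmp"
</Directory>
<Directory /var/www/vhosts/b.example/httpdocs>
php_admin_value open_basedir none
</Directory>
<Directory /var/www/vhosts/c.example/httpdocs>
php_admin_value open_basedir "/var/www/vhosts:/tmp"
</Directory>
"""

SHARED_OK = {"/tmp"}  # assumption: a shared temp dir is accepted, as in the error message
DIR_OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+)"?\s*>', re.I)
DIR_CLOSE = re.compile(r'^\s*</Directory>', re.I)
BASEDIR = re.compile(r'^\s*php_admin_value\s+open_basedir\s+"?([^"]*)"?\s*$', re.I)

def inside(path, root):
    """True if path is root itself or below it (directory boundary, not string prefix)."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(conf_text):
    """Return (directory, finding) tuples for risky open_basedir settings."""
    findings, current = [], None
    for line in conf_text.splitlines():
        if m := DIR_OPEN.match(line):
            current = m.group(1)
        elif DIR_CLOSE.match(line):
            current = None
        elif (m := BASEDIR.match(line)) and current:
            value = m.group(1).strip()
            if value.lower() == "none":
                findings.append((current, "open_basedir disabled"))
                continue
            # The domain folder is the parent of the web root (httpdocs).
            domain_root = posixpath.dirname(posixpath.normpath(current))
            for entry in value.split(":"):
                if entry in SHARED_OK or inside(entry, domain_root):
                    continue
                findings.append((current, f"{entry} is outside {domain_root}"))
    return findings

if __name__ == "__main__":
    for directory, finding in audit(SAMPLE_CONF):
        print(f"{directory}: {finding}")
```
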
2

Add the paths you need access to (/var/www/vhosts/domain.tld/zend) to your open_basedir directive (you can specify several paths using the path separator ':', or ';' on Windows).

Note that the values in open_basedir are prefixes, which means that anything under /var/www/vhosts/domain.tld/zend will be accessible.

user27987
1

In Parallels Plesk Panel (e.g. 1and1) you can do it in the PHP panel settings:

here:

Igor Parra