I'm using mod_vhost_alias and want to set dynamically open_basedir for each user. Something like
php_admin_value open_basedir /var/www/vhosts/%1
But it doesn't work. Because I have a lot of virtual hosts (4000-5000) mod_macro does not suit me.
I'm trying to apply this patch http://wiki.preshweb.co.uk/doku.php?id=apache:securemassvhosting
But with no success. Any suggestions?
You can use auto_prepend option in php.ini to supply script that will be executed first. There you can setup open_basedir via ini_set() function based on contents of $_SERVER array.
May be somebody would be interested. I have successfully changed the patch (http://www.phpbuilder.com/lists/php-developer-list/2000101/0994.php)
*** main/fopen_wrappers.c 2010-04-22 01:22:31.000000000 +0300
--- main/fopen_wrappers.c 2012-03-14 17:22:49.130299133 +0200
***************
*** 145,156 ****
--- 145,168 ----
char resolved_name[MAXPATHLEN];
char resolved_basedir[MAXPATHLEN];
char local_open_basedir[MAXPATHLEN];
+ char *local_open_basedir_sub; /* Substring pointer for strstr */
char path_tmp[MAXPATHLEN];
char *path_file;
int resolved_basedir_len;
int resolved_name_len;
int path_len;
int nesting_level = 0;
+
+ /* Special case for VIRTUAL_DOCUMENT_ROOT in the open_basedir value, which gets changed to the document root */
+ if ((strncmp(basedir, "VIRTUAL_DOCUMENT_ROOT", strlen("VIRTUAL_DOCUMENT_ROOT")) == 0) && SG(request_info).path_translated && *SG(request_info).path_translated )
+ {
+ strlcpy(local_open_basedir, SG(request_info).path_translated, sizeof(local_open_basedir));
+
+ local_open_basedir_sub=strstr(local_open_basedir,SG(request_info).request_uri);
+ /* Now insert null to break apart the string */
+ if (local_open_basedir_sub) *local_open_basedir_sub = '\0';
+
+ } else
/* Special case basedir==".": Use script-directory */
if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) {
It was tested with php-5.3.10 and it's worked great.