If PHP 5.3 is used in combination with open_basedir (e.g. per vhost), something seems to have changed in the code. On my test websites I received plenty of open_basedir restrition warnings. Even if I didn't include or use a file out of the defined paths.
Additionally the warnings in the logs appear to make no sense, as no detail on the file is given (Unknown on line 0 ??):
[Wed Aug 03 14:38:01 2011] [error] [client x.x.x.x] PHP Warning: Unknown: open_basedir restriction in effect. File() is not within the allowed path(s): (/var/www/ck:/var/www/phptmp/) in Unknown on line 0
A quick research revealed that eaccelerator (as PHP extension) is responsible for all these errors. As soon as I deactivated eaccelerator, the warnings disappeared.
The solution is to compile eaccelerator with the option --without-eaccelerator-use-inode:
# cd eaccelerator-0.9.6.1
# ./configure --enable-eaccelerator=shared --without-eaccelerator-use-inode
# make install
Update concerning sessions: Another important discovery was that all Sessions didn't work. It was necessary to tell each vhost which folder to use as sessions.save.path:
php_admin_value session.save_path /var/www/phptmp/
In PHP 5.2 the sessions were stored in /tmp; it was not necessary to add /tmp to the open_basedir value. Now in PHP 5.3 this 'security issue' seems to be gone and therefore open_basedir or session.save_path need to be adapted.
Update April 11th, 2012:
By accident I came across the same warnings on a PHP 5.2 installation, so these messages are not to a 100% related to PHP 5.3.
However what is strange is that these error messages only appeared once I deactivated ZendOptimizer from the PHP 5.2 php.ini configuration. As soon as I reactivated ZendOptimizer the errors disappeared and the websites were shown normally. There seems to be a big interference between ZendOptimizer and eAccelerator.
The solution is the same on PHP 5.2 and 5.3: To reconfigure eaccelerator (see above).
No comments yet.
Personal Internet VMware PHP Linux Shell Bluecoat Proxy Windows Hardware Virtualization Nagios MySQL DB Monitoring Mail Android Network Wyse Hacks Tomcat Postgres Apple Mac Surveillance Backup BSD ZFS Solaris SmartOS Unix Multimedia Perl Database MongoDB CMS OTRS FreeBSD Wordpress LXC Nginx Proxmox DNS Graphics PowerDNS GlusterFS Security Chef HAProxy Icinga Ansible HTML MariaDB ELK Elasticsearch Containers Rancher Docker AWS Kibana Logstash Filebeat Varnish PGSQL PostgreSQL ElasticSearch CouchDB Bash Macintosh Container Minio Grafana InfluxDB Databases NFS OSSEC SystemD Java Zoneminder SSL TLS Icingaweb2 Cloud Wireless Kubernetes Ubuntu