If PHP 5.3 is used in combination with open_basedir (e.g. per vhost), something seems to have changed in the code. On my test websites I received plenty of open_basedir restrition warnings. Even if I didn't include or use a file out of the defined paths.
Additionally the warnings in the logs appear to make no sense, as no detail on the file is given (Unknown on line 0 ??):
[Wed Aug 03 14:38:01 2011] [error] [client x.x.x.x] PHP Warning: Unknown: open_basedir restriction in effect. File() is not within the allowed path(s): (/var/www/ck:/var/www/phptmp/) in Unknown on line 0
A quick research revealed that eaccelerator (as PHP extension) is responsible for all these errors. As soon as I deactivated eaccelerator, the warnings disappeared.
The solution is to compile eaccelerator with the option --without-eaccelerator-use-inode:
# cd eaccelerator-0.9.6.1
# ./configure --enable-eaccelerator=shared --without-eaccelerator-use-inode
# make install
Update concerning sessions: Another important discovery was that all Sessions didn't work. It was necessary to tell each vhost which folder to use as sessions.save.path:
php_admin_value session.save_path /var/www/phptmp/
In PHP 5.2 the sessions were stored in /tmp; it was not necessary to add /tmp to the open_basedir value. Now in PHP 5.3 this 'security issue' seems to be gone and therefore open_basedir or session.save_path need to be adapted.
Update April 11th, 2012:
By accident I came across the same warnings on a PHP 5.2 installation, so these messages are not to a 100% related to PHP 5.3.
However what is strange is that these error messages only appeared once I deactivated ZendOptimizer from the PHP 5.2 php.ini configuration. As soon as I reactivated ZendOptimizer the errors disappeared and the websites were shown normally. There seems to be a big interference between ZendOptimizer and eAccelerator.
The solution is the same on PHP 5.2 and 5.3: To reconfigure eaccelerator (see above).
No comments yet.
AWS Android Ansible Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Consul Container Containers CouchDB DB DNS Database Databases Docker ELK ElasticSearch Elasticsearch Filebeat FreeBSD GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb2 InfluxDB Internet Java Kibana Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Rancher SSL Security Shell SmartOS Solaris Surveillance SystemD TLS Tomcat Ubuntu Unix VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder