Upgraded to PHP 5.3: Suddenly open_basedir restriction warnings appear


If PHP 5.3 is used in combination with open_basedir (e.g. per vhost), something seems to have changed in the code. On my test websites I received plenty of open_basedir restriction warnings, even though I didn't include or use a file outside of the defined paths.

Additionally the warnings in the logs appear to make no sense, as no detail on the file is given (Unknown on line 0 ??):

[Wed Aug 03 14:38:01 2011] [error] [client x.x.x.x] PHP Warning:  Unknown: open_basedir restriction in effect. File() is not within the allowed path(s): (/var/www/ck:/var/www/phptmp/) in Unknown on line 0

Some quick research revealed that eaccelerator (as a PHP extension) is responsible for all these errors. As soon as I deactivated eaccelerator, the warnings disappeared.

The solution is to compile eaccelerator with the option --without-eaccelerator-use-inode:

# cd eaccelerator-
# phpize
# ./configure --enable-eaccelerator=shared --without-eaccelerator-use-inode
# make
# make install

Update concerning sessions: Another important discovery was that none of the sessions worked. It was necessary to tell each vhost which folder to use as session.save_path:

  php_admin_value session.save_path /var/www/phptmp/

In PHP 5.2 the sessions were stored in /tmp; it was not necessary to add /tmp to the open_basedir value. Now in PHP 5.3 this 'security issue' seems to be gone and therefore open_basedir or session.save_path need to be adapted.
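
A check for the mismatch described above, as an added example that is not part of the original post: it reads Apache vhost blocks and reports whether session.save_path lies inside one of the open_basedir paths. The sample config, the vhost names and the /tmp default for vhosts without an explicit session.save_path are assumptions, and symlinks are not resolved.

```python
import posixpath
import re

# Constructed sample vhost config; the paths are the ones from the post's log line.
SAMPLE_CONF = """
<VirtualHost *:80>
  ServerName ck.example.test
  php_admin_value open_basedir /var/www/ck:/var/www/phptmp/
  php_admin_value session.save_path /var/www/phptmp/
</VirtualHost>
<VirtualHost *:80>
  ServerName legacy.example.test
  php_admin_value open_basedir /var/www/legacy
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^[ \t]*php_admin_value[ \t]+(\S+)[ \t]+(\S+)", re.M)


def inside(path, base):
    """True if path is base or lies below it (directory match, no symlink resolution)."""
    path, base = posixpath.normpath(path), posixpath.normpath(base)
    return path == base or path.startswith(base.rstrip("/") + "/")


def audit_vhosts(conf, default_save_path="/tmp"):
    """Return {ServerName: (save_path, ok)} for every vhost that sets open_basedir."""
    report = {}
    for block in re.findall(r"<VirtualHost\b.*?</VirtualHost>", conf, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", block, re.M | re.I)
        settings = {k: v.strip("\"'") for k, v in DIRECTIVE.findall(block)}
        if "open_basedir" not in settings:
            continue  # no restriction set, nothing to compare against
        # session.save_path may be written as "N;MODE;/path"; the directory is the last field
        save_path = settings.get("session.save_path", default_save_path).split(";")[-1]
        allowed = [p for p in settings["open_basedir"].split(":") if p]
        ok = any(inside(save_path, base) for base in allowed)
        report[name.group(1) if name else "(unnamed)"] = (save_path, ok)
    return report


if __name__ == "__main__":
    for vhost, (path, ok) in audit_vhosts(SAMPLE_CONF).items():
        print(f"{vhost}: session.save_path={path} -> {'ok' if ok else 'OUTSIDE open_basedir'}")
```

A vhost flagged here needs either its own session.save_path inside the allowed paths or the session directory added to its open_basedir value.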

Update April 11th, 2012:
By accident I came across the same warnings on a PHP 5.2 installation, so these messages are not 100% related to PHP 5.3.
However, what is strange is that these error messages only appeared once I deactivated ZendOptimizer in the PHP 5.2 php.ini configuration. As soon as I reactivated ZendOptimizer, the errors disappeared and the websites were shown normally. There seems to be a big interference between ZendOptimizer and eAccelerator.
The solution is the same on PHP 5.2 and 5.3: reconfigure eaccelerator (see above).
