Upgraded to PHP 5.3: Suddenly open_basedir restriction warnings appear

Written by - 0 comments

Published on - Listed in PHP Linux

If PHP 5.3 is used in combination with open_basedir (e.g. per vhost), something seems to have changed in the code. On my test websites I received plenty of open_basedir restrition warnings. Even if I didn't include or use a file out of the defined paths.

Additionally the warnings in the logs appear to make no sense, as no detail on the file is given (Unknown on line 0 ??):

[Wed Aug 03 14:38:01 2011] [error] [client x.x.x.x] PHP Warning:  Unknown: open_basedir restriction in effect. File() is not within the allowed path(s): (/var/www/ck:/var/www/phptmp/) in Unknown on line 0

A quick research revealed that eaccelerator (as PHP extension) is responsible for all these errors. As soon as I deactivated eaccelerator, the warnings disappeared.

The solution is to compile eaccelerator with the option --without-eaccelerator-use-inode:

# cd eaccelerator-
# phpize
# ./configure --enable-eaccelerator=shared --without-eaccelerator-use-inode
# make
# make install

Update concerning sessions: Another important discovery was that all Sessions didn't work. It was necessary to tell each vhost which folder to use as sessions.save.path:

  php_admin_value session.save_path /var/www/phptmp/

In PHP 5.2 the sessions were stored in /tmp; it was not necessary to add /tmp to the open_basedir value. Now in PHP 5.3 this 'security issue' seems to be gone and therefore open_basedir or session.save_path need to be adapted.

Update April 11th, 2012:
By accident I came across the same warnings on a PHP 5.2 installation, so these messages are not to a 100% related to PHP 5.3.
However what is strange is that these error messages only appeared once I deactivated ZendOptimizer from the PHP 5.2 php.ini configuration. As soon as I reactivated ZendOptimizer the errors disappeared and the websites were shown normally. There seems to be a big interference between ZendOptimizer and eAccelerator.
The solution is the same on PHP 5.2 and 5.3: To reconfigure eaccelerator (see above).

Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.