| « Upgrading from Plesk 8.2 to 8.3 | Incorrect "open_basedir restriction in effect" » |
Fixing PHP's require "open_basedir restriction in effect" on Plesk
December 30th, 2007When moving from Ensim to Plesk I noticed that all my PHP programs stopped working. Every relative pathed file I had added to a require() statement error’ed with the message:
open_basedir restriction in effect
I added the current directory (’.') to PHP’s include_path but it didn’t make any difference. After an awful lot of trial and error I worked out that the include_path was being ignored and the open_basedir was being used instead. This is different from the PHP documentation.
The PHP configuration has this whole idea of Local Value and Master Value and unfortunately they do not inherit. If the Local Value is specified and it does not include any of the Master Value’s then those Master Values will not be counted (and vice-versa). Bummer, because Plesk specifies the open_basedir in the configuration specific file for each domain. Double bummer because every time you change a configration option for your domain Plesk overwrites these configuration files, so it means that any changes that you make in there will be lost.
Luckily, Plesk have built in some protection to allow users of virtual hosts to use site specific options for PHP and/or Apache.
Apache’s domain specific configuration file for your domain is located in:
/var/www/vhosts/your.domain/conf/httpd.include
It contains a line to include another virtual host’s specific file. In here we can add the voodoo to take away our require / open_basedir problem by including the current directory in the search path.
Go to the conf directory and create a file called vhost.conf. Use your favourite editor (and if that is not vi or notepad2, you ought to be ashamed of yourself!) to add the following contents:
Code:
<Directory /var/www/vhosts/your.domain/httpdocs> | |
<IfModule sapi_apache2.c> | |
php_admin_flag engine on | |
php_admin_flag safe_mode on | |
php_admin_value open_basedir "/var/www/vhosts/your.domain/httpdocs:.:/php:/tmp" | |
</IfModule> | |
<IfModule mod_php5.c> | |
php_admin_flag engine on | |
php_admin_flag safe_mode on | |
php_admin_value open_basedir "/var/www/vhosts/your.domain/httpdocs:.:/php:/tmp" | |
</IfModule> | |
</Directory> |
The new open_basedir contains:
/var/www/vhosts/your.domain/httpdocsand/tmpbecause they where in the Master Value.- ‘
.‘ for the current directory which solves my relative path problems /phpbecause it contains all the PHP functions which are common to more than one domain. There is another problem with Plesk, Safe Mode, shared include path directories and user permissions, but that’s a blog for another time! If anyone asks nicely then, I’ll write it up.
After making the changes restart the web server, and all should be well.
18 comments
I've used this method -enclosing php_admin_flag safe_mode off into <Directory> directive.
to disable PHP safe_mode. and set open_basedir
Don't know why but disabling statement was ineffective in the main section of the httpd.conf
I use PHP 5.1.6/Apache/2.2.3 API version 20051115 (CentOS)
Thanks, this was a big help! I didn't include the IfModule parts and it still worked, though I was trying to solve a slightly different problem with the basedir restriction. I created a symlink of an image folder to share between Plesk virtual hosts but it wouldn't let me use file_exists() on its contents. All I needed was to include the original file's path in the open_basedir list. 
I have followed the steps above (I even remembered to restart the server on the second attempt ;-) but it has made no difference to the results (see below). I am using Plesk 8.I tried adding ":/images:/properties" after "...:/tmp" in the following line:
"/var/www/vhosts/your.domain/httpdocs:.:/php:/tmp"
but that either doesn't work or didn't make any difference.
Is it possible to tell from the error code below what modifications might be necessary?
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/properties/thumb_39312380.jpg) is not within the allowed path(s): (/var/www/vhosts/mydomain.net.nz/httpdocs:/tmp) in /var/www/vhosts/mydomain.net.nz/httpdocs/property_list.php on line 191
Warning: imagejpeg() [function.imagejpeg]: Unable to open 'properties/thumb_39312380.jpg' for writing in /var/www/vhosts/mydomain.net.nz/httpdocs/images/Thumbnail.php on line 196
/properties/thumb_39312380.jpg" />
Thanks,
Rob
I spoke to my server provider support team and they fixed the open_basedir problem by replacing everything in the vhost.conf file with:<directory /var/www/vhostsrenttoown.net.nz/httpdocs>
php_admin_value open_basedir none
php_admin_flag safe_mode 0
<Directory/>
Obviously most server setups are unique so I presume that's why this worked for me and your solution worked for you.
Cheers,
Rob
i wonder how can i change open basedir in my htacces file ? 
@Evgeny Fadeev ------
Don't know why but disabling statement was ineffective in the main section of the httpd.conf
------
It seems each /conf/httpd.include lists allowed directories for open basedir. That's done for each vhost.
Many thanks 
thanks for your comments... 
Thanks!!! We recently upgraded our platform to Plesk 10 and this thread made my day :) 
Thanks, you solved my apache issue even though I was not using plesk. 
That's a great tip. Fixed my subdomain problem straight away. Although I didn't restart the whole Apache server (I've got a few sites on the same box); I just ran /usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=your.domain
Restarting apache didn't seem to work for me for some reason, however Rich Mehta's tip did. The only problem was the websrvmng was "obsolete" so I had to use/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain your.domain
Yeah, this worked for me too on Plesk 8.6 by simply appending the appropriate directory (i.e. ./:/tmp:/var/tmp)Then restarted the web server:
service httpd restartOr for those of you without the service wrapper, try this:
/etc/init.d/httpd restart
thank you admin 
excuse me does anybody have same problem in windows
what is the solution for IIS server
include_path has nothing to do with open_basedir (or security). I don't think there's a manual page that suggests the opposite. 
@Álvaro, That may be true but like I said in the article I worked it out using trial and error.This article is about Plesk systems and they often do unpredictable things which is probably why this article is one of my most popular blog entries.
Comment feed for this post
