« Upgrading from Plesk 8.2 to 8.3Incorrect "open_basedir restriction in effect" »

Fixing PHP's require "open_basedir restriction in effect" on Plesk

When moving from Ensim to Plesk I noticed that all my PHP programs stopped working. Every relative pathed file I had added to a require() statement errorred with the message:

open_basedir restriction in effect

I added the current directory (’.') to PHP’s include_path but it didn’t make any difference. After an awful lot of trial and error I worked out that the include_path was being ignored and the open_basedir was being used instead. This is different from the PHP documentation.

The PHP configuration has this whole idea of Local Value and Master Value and unfortunately they do not inherit. If the Local Value is specified and it does not include any of the Master Value’s then those Master Values will not be counted (and vice-versa). Bummer, because Plesk specifies the open_basedir in the configuration specific file for each domain. Double bummer because every time you change a configration option for your domain Plesk overwrites these configuration files, so it means that any changes that you make in there will be lost.

Luckily, Plesk have built in some protection to allow users of virtual hosts to use site specific options for PHP and/or Apache.

Apache’s domain specific configuration file for your domain is located in:

/var/www/vhosts/your.domain/conf/httpd.include

It contains a line to include another virtual hosts specific file. In here we can add the voodoo to take away our require / open_basedir problem by including the current directory in the search path.

Go to the conf directory and create a file called vhost.conf. Use your favourite editor (and if that is not vi or notepad2, you ought to be ashamed of yourself!) to add the following contents:

Code:

<Directory /var/www/vhosts/your.domain/httpdocs>
        <IfModule sapi_apache2.c>
                php_admin_flag engine on
                php_admin_flag safe_mode on
                php_admin_value open_basedir "/var/www/vhosts/your.domain/httpdocs:.:/php:/tmp"
        </IfModule>
        <IfModule mod_php5.c>
                php_admin_flag engine on
                php_admin_flag safe_mode on
                php_admin_value open_basedir "/var/www/vhosts/your.domain/httpdocs:.:/php:/tmp"
        </IfModule>
</Directory>

The new open_basedir contains:

  1. /var/www/vhosts/your.domain/httpdocs and /tmp because they where in the Master Value.
  2. .‘ for the current directory which solves my relative path problems
  3. /php because it contains all the PHP functions which are common to more than one domain. There is another problem with Plesk, Safe Mode, shared include path directories and user permissions, but that’s a blog for another time! If anyone asks nicely then, I’ll write it up.

After making the changes restart the web server, and all should be well.


This entry was posted on December 30th, 2007 at 07:51:40 pm and is filed under Techie. Tags: open_basedir, php, plesk

9 comments

Comment from: Evgeny Fadeev [Visitor]
I've used this method -

enclosing php_admin_flag safe_mode off into <Directory> directive.

to disable PHP safe_mode. and set open_basedir

Don't know why but disabling statement was ineffective in the main section of the httpd.conf

I use PHP 5.1.6/Apache/2.2.3 API version 20051115 (CentOS)
05/31/08 @ 20:34
Comment from: Jon [Visitor]
Email · http://jonathandean.com
Thanks, this was a big help! I didn't include the IfModule parts and it still worked, though I was trying to solve a slightly different problem with the basedir restriction. I created a symlink of an image folder to share between Plesk virtual hosts but it wouldn't let me use file_exists() on its contents. All I needed was to include the original file's path in the open_basedir list.
01/07/09 @ 09:41
Comment from: Rob [Visitor]
Email · http://www.robyallop.com
I have followed the steps above (I even remembered to restart the server on the second attempt ;-) but it has made no difference to the results (see below). I am using Plesk 8.

I tried adding ":/images:/properties" after "...:/tmp" in the following line:

"/var/www/vhosts/your.domain/httpdocs:.:/php:/tmp"

but that either doesn't work or didn't make any difference.

Is it possible to tell from the error code below what modifications might be necessary?

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/properties/thumb_39312380.jpg) is not within the allowed path(s): (/var/www/vhosts/mydomain.net.nz/httpdocs:/tmp) in /var/www/vhosts/mydomain.net.nz/httpdocs/property_list.php on line 191



Warning: imagejpeg() [function.imagejpeg]: Unable to open 'properties/thumb_39312380.jpg' for writing in /var/www/vhosts/mydomain.net.nz/httpdocs/images/Thumbnail.php on line 196

/properties/thumb_39312380.jpg" />


Thanks,

Rob
02/15/09 @ 01:51
Comment from: Rob [Visitor]
Email · http://www.robyallop.com
I spoke to my server provider support team and they fixed the open_basedir problem by replacing everything in the vhost.conf file with:

<directory /var/www/vhostsrenttoown.net.nz/httpdocs>
php_admin_value open_basedir none
php_admin_flag safe_mode 0
<Directory/>

Obviously most server setups are unique so I presume that's why this worked for me and your solution worked for you.

Cheers,

Rob
02/15/09 @ 09:41
Comment from: çiçekçi [Visitor]
Email · http://www.cicekclub.com
i wonder how can i change open basedir in my htacces file ?
02/16/09 @ 22:25
Comment from: David Newcomb [Member]
Email
By using an editor?
02/17/09 @ 10:12
Comment from: Slavi [Visitor]
Email · http://devcha.com
@Evgeny Fadeev
------
Don't know why but disabling statement was ineffective in the main section of the httpd.conf
------

It seems each /conf/httpd.include lists allowed directories for open basedir. That's done for each vhost.
11/27/09 @ 16:54
Comment from: çiçekçi [Visitor]
· http://www.nettencicek.com
Many thanks
01/28/10 @ 16:23
Comment from: çiçekçi [Visitor]
· http://www.cicekdiyari.com
thanks for your comments...
03/11/10 @ 17:45

Leave a comment


Your email address will not be revealed on this site.

Your URL will be displayed.
(Line breaks become <br />)
(Name, email & website)
(Allow users to contact you through a message form (your email will not be revealed.)
Please enter "notspam" (without the quotes) in the box below
antispam test