What is open_basedir for and how to use open_basedir
March 15, 2021
The open_basedir directive is specified in the PHP configuration file (php.ini) and sets the directories that PHP can access. Access refers to any actions with files: opening (for example, fopen() or gzopen()), writing and executing. If the open_basedir directive is set and an attempt is made to run a file that is outside the listed directories, the script will not run and will generate an error:
[Wed Apr 1 13:11:34 2020] PHP Warning: Unknown: open_basedir restriction in effect. File(/usr/share/seeker/template/nearyou/php/info.php) is not within the allowed path(s): (/srv/http/:/etc/webapps/:/usr/share/webapps/:/tmp/:/home/mial/) in Unknown on line 0
An example of the value of open_basedir:
open_basedir = /srv/http/:/etc/webapps/:/usr/share/webapps/:/tmp/:/home/mial/
In this example, PHP scripts are allowed to run, as well as operations with files in directories:
- /srv/http/
- /etc/webapps/
- /usr/share/webapps/
- /tmp/
- /home/mial/
The open_basedir directive affects many functions. It makes most sense when used at the level of web server configuration files at the level of directories or virtual hosts.
By default, if the open_basedir value is not set, file operations are allowed in any directories on the computer (for which there are sufficient file permissions).
The open_basedir option can be extended to more than just functions for working with the filesystem; for example, if MySQL is configured to use the mysqlnd driver, then LOAD DATA INFILE is controlled by the open_basedir option. Many PHP functions also use open_basedir.
Special meaning . (dot) indicates that the script's working directory will be used as the base directory. However, this is a little dangerous, as the current directory of the script can be easily changed with chdir().
In httpd.conf, open_basedir can be turned off (for example, for some virtual hosts) in the same way as any other configuration directive:
php_admin_value open_basedir none
On Windows, separate directories with ; (semicolon). On all other systems, separate directories with : (colon). When running as an Apache module, open_basedir paths are automatically inherited from parent directories.
Related articles:
- How to install Apache web server with PHP, MySQL and phpMyAdmin on Windows (100%)
- Configuring Apache Web Server to Run Perl Programs on Windows (89.1%)
- How to fix “Configuration File (php.ini) Path” no value (SOLVED) (81.8%)
- How to show all errors in PHP 8 (81.8%)
- Apache window appears and immediately disappears (SOLVED) (70.9%)
- Basics of launching and using command line utilities in Windows (RANDOM - 50%)