What is open_basedir for and how to use open_basedir

The open_basedir directive is specified in the PHP configuration file (php.ini) and sets the directories that PHP can access. Access refers to any actions with files: opening (for example, fopen() or gzopen()), writing and executing. If the open_basedir directive is set and an attempt is made to run a file that is outside the listed directories, the script will not run and will generate an error:

[Wed Apr 1 13:11:34 2020] PHP Warning: Unknown: open_basedir restriction in effect. File(/usr/share/seeker/template/nearyou/php/info.php) is not within the allowed path(s): (/srv/http/:/etc/webapps/:/usr/share/webapps/:/tmp/:/home/mial/) in Unknown on line 0

An example of the value of open_basedir:

open_basedir = /srv/http/:/etc/webapps/:/usr/share/webapps/:/tmp/:/home/mial/

In this example, PHP scripts are allowed to run, as well as operations with files in directories:

  • /srv/http/
  • /etc/webapps/
  • /usr/share/webapps/
  • /tmp/
  • /home/mial/

The open_basedir directive affects many functions. It makes most sense when used at the level of web server configuration files at the level of directories or virtual hosts.

By default, if the open_basedir value is not set, file operations are allowed in any directories on the computer (for which there are sufficient file permissions).

The open_basedir option can be extended to more than just functions for working with the filesystem; for example, if MySQL is configured to use the mysqlnd driver, then LOAD DATA INFILE is controlled by the open_basedir option. Many PHP functions also use open_basedir.

Special meaning . (dot) indicates that the script's working directory will be used as the base directory. However, this is a little dangerous, as the current directory of the script can be easily changed with chdir().

In httpd.conf, open_basedir can be turned off (for example, for some virtual hosts) in the same way as any other configuration directive:

php_admin_value open_basedir none

On Windows, separate directories with ; (semicolon). On all other systems, separate directories with : (colon). When running as an Apache module, open_basedir paths are automatically inherited from parent directories.

Leave Your Observation

Your email address will not be published. Required fields are marked *