Multiple Directories w/ PHP open_basedir

I’ve been using PHP’s open_basedir function since I first setup my server, several years ago. It’s a really useful function for securing your servers, although it isn’t perfect. For years, I’ve had problems with the temporary directory not being accessible. Of course, it was a simple fix to use

php_admin_value     open_basedir /var/www/vhosts/saebermedia.com
php_admin_value     upload_tmp_dir /var/www/vhosts/saebermedia.com/.tmp

In my server’s virtual host config file. This changed the location of the /tmp/ directory to be within the allowed path. This worked well for most applications, but certain things still tried to use /tmp or had to use /tmp/, and it was a pain to work around this issue. Not to long ago, I discovered that you can actually specify multiple paths in your open_basedir directive, solving this problem completely. I had looked before, and I never found anything. In fact, I found a few forums stating it was impossible! It’s actually as simple as this:

php_admin_value     open_basedir /var/www/vhosts/saebermedia.com/:/tmp/

Now, two things to note. If you don’t put a trailing slash at the end of your path, you are actually just giving the directory prefix (Fixed in PHP 5.3.4+). /my-dir will match /my-dir/ and /my-directory/ and /my-dirt/. So that trailing / is quite important.

Also, this if for UNIX based systems. For anyone out there running Windows, you’ll have to separate directories using a semi-colon (;) not a colon (:).

Reference:

http://www.php.net/manual/en/ini.core.php#ini.open-basedir

7 Replies to “Multiple Directories w/ PHP open_basedir”

  1. THanks. Well explained

  2. But, keep in mind that sometimes it may cause a problems when using namespaces and php autoloader.
    When secureing a folder inside a script for file writing, deleting etc, then you cannot autoload from outside

  3. Nice to find confirmation that it can be done like this. You made me smile with relief (reconfiguring whole server after setting up upload ans session dirs for each user outside open_basedir could be a little pain).

  4. Very useful! Thanks for sharing!

  5. […] you can use the PATH_SEPARATOR     另外看到了另外一种设置临时目录的方法: http://brandonwamboldt.ca/multiple-directories-w-php-open_basedir-540/     php_admin_value open_basedir /var/www/vhosts/saebermedia.com     php_admin_value […]

  6. Very nice, exactly what i was searching for.

Leave a Reply