Hi, I have setup an apache (SUExec/fcgi) with the help of ISPConfig3. In order to find a suitable solution I started off with the typo3 sources within the webserver directory. When I try calling the typo3 backend I get the following error: Code: [B]Warning:[/B] fopen() [function.fopen]: open_basedir restriction in effect. File(/var/www/BLABLA/web/typo3temp/llxml/misc.xml_f45d73fa32.de.iso-8859-1.cache) is not within the allowed path(s): (/var/www/BLABLA/:/var/www/clients/client2/web2/) in /var/www/clients/client2/web2/web/t3lib/class.t3lib_div.php on line 2752 [B]Warning:[/B] fopen(/var/www/BLABLA/web/typo3temp/llxml/misc.xml_f45d73fa32.de.iso-8859-1.cache) [function.fopen]: failed to open stream: Operation not permitted in /var/www/clients/client2/web2/web/t3lib/class.t3lib_div.php on line 2752 ERROR: File not written to disk! Write permission error in filesystem? Clearly this error message contradicts itself since the file in question is in the directory that is defined in the open_basedir statement. Any ideas?
addendum: my config files /etc/apache2/sites-available/BLABLA.vhost: Code: <Directory /var/www/BLABLA> AllowOverride None Order Deny,Allow Deny from all </Directory> <VirtualHost *:80> DocumentRoot /var/www/BLABLA/web ServerName BLABLA ServerAdmin webmaster@BLABLA ErrorLog /var/log/ispconfig/httpd/BLABLA/error.log ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 503 /error/503.html <Directory /var/www/BLABLA/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client2/web2/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> # cgi enabled <Directory /var/www/clients/client2/web2/cgi-bin> Order allow,deny Allow from all </Directory> ScriptAlias /cgi-bin/ /var/www/clients/client2/web2/cgi-bin/ AddHandler cgi-script .cgi AddHandler cgi-script .pl # suexec enabled SuexecUserGroup web2 client2 # php as fast-cgi enabled <Directory /var/www/BLABLA/web> AddHandler fcgid-script .php .php3 .php4 .php5 FCGIWrapper /var/www/php-fcgi-scripts/web2/.php-fcgi-starter .php Options +ExecCGI AllowOverride all Order allow,deny Allow from all </Directory> </VirtualHost> /var/www/php-fcgi-scripts/web2/.php-fcgi-starter Code: #!/bin/sh PHPRC="/etc/php5/cgi/" export PHPRC PHP_DOCUMENT_ROOT="/var/www/clients/client2/web2" export PHP_DOCUMENT_ROOT # The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache # mod_fcgi will control the number of childs themself and never use the additional processes. # PHP_FCGI_CHILDREN=8 # export PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=5000 export PHP_FCGI_MAX_REQUESTS exec /usr/bin/php-cgi \ -d open_basedir=[COLOR="#008000"]/var/www/BLABLA/:[/COLOR]/var/www/clients/client2/web2/ \ -d upload_tmp_dir=/var/www/clients/client2/web2/tmp \ -d session.save_path=/var/www/clients/client2/web2/tmp \ [COLOR="Green"]-d memory_limit="64M" \ -d IPCCommTimeout=60 \[/COLOR] $1 (the green parts are manually changed by me) Code: server:/var/www/clients/client2/web2/web# [B]ls -l[/B] total 368 drwxr-xr-x 2 web2 client0 111 2010-02-26 18:44 error drwxr-xr-x 7 web2 client0 4096 2010-03-03 22:22 fileadmin -rw-r--r-- 1 web2 client0 18348 2008-01-29 11:27 GPL.txt -rw-r--r-- 1 web2 client0 13 2008-02-08 11:01 index.htm -rw-r--r-- 1 web2 client0 2903 2008-01-29 11:27 index.php drwxr-xr-x 3 web2 client0 4096 2010-03-02 18:32 misc -rwxr-xr-- 1 web2 client0 34 2010-02-26 18:44 robots.txt drwxr-xr-x 2 web2 client0 4096 2010-03-03 00:30 stats drwxr-xr-x 7 web2 client0 4096 2010-03-03 19:06 t3lib drwxr-xr-x 13 web2 client0 4096 2010-03-03 11:21 typo3 drwxrwxrwx 5 web2 client0 4096 2010-03-03 22:22 typo3conf drwxrwxrwx 11 web2 client0 20480 2010-03-03 22:22 typo3temp drwxr-xr-x 14 web2 client0 4096 2010-03-03 22:22 uploads
The permissions do not look right. It seems as if you moved the site to another client without changing the owner of the files. Please post the output of: ls -la /var/www/clients/client2/web2/web
yes, I just saw that the group rights were not correct and changed them to client2. unfortunately that gave me the same results. anyway here is the results of ls -la /var/www/clients/client2/web2/web Code: -rw-r--r-- 1 web2 client2 215227 2008-01-29 11:27 ChangeLog -rw-r--r-- 1 web2 client2 4690 2008-03-07 17:08 dmailerd.php drwxr-xr-x 2 web2 client2 111 2010-02-26 18:44 error drwxr-xr-x 7 web2 client2 4096 2010-03-03 22:22 fileadmin -rw-r--r-- 1 web2 client2 18348 2008-01-29 11:27 GPL.txt -rw-r--r-- 1 web2 client2 535 2010-03-03 14:30 .htaccess -rw-r--r-- 1 web2 client2 13 2008-02-08 11:01 index.htm -rw-r--r-- 1 web2 client2 2903 2008-01-29 11:27 index.php drwxr-xr-x 3 web2 client2 4096 2010-03-02 18:32 misc -rwxr-xr-- 1 web2 client2 34 2010-02-26 18:44 robots.txt drwxr-xr-x 2 web2 client2 4096 2010-03-03 00:30 stats drwxr-xr-x 7 web2 client2 4096 2010-03-03 19:06 t3lib drwxr-xr-x 13 web2 client2 4096 2010-03-03 11:21 typo3 drwxrwxrwx 5 web2 client2 4096 2010-03-03 22:22 typo3conf drwxrwxrwx 11 web2 client2 20480 2010-03-03 22:22 typo3temp drwxr-xr-x 14 web2 client2 4096 2010-03-03 22:22 uploads
I took a look at my suexec.log: Code: [2010-03-04 19:33:10]: uid: (5005/web4) gid: (5008/5008) cmd: .php-fcgi-starter The thing that caught my eye is the "mismatch" of the uid. (5005 and web4 are the same user) Could that be the problem? And if so, where does it stem from?
The log line looks fine. You should install a phpinfo file and check the open basedir setting with it.
The open_basedir entry in the phpinfo shows exactly what it is supposed to: /var/www/BLABLA:/var/www/clients/client4/web4 (Don't worry about "client4/web4". I have setup a new webs, just to be on the safe side.)
Do you use the symlinked setup in typo3? In this case it might be that some symlinks are wrong. I have several typo3 installs on my server and never had a problem with installing them, but I always use the setup without symlinks.
It was my intention to do that, but in order to locate the problem I changed it to the regular install without symlinks. I tried without open_basedir. That works fine. I'm just not sure if I the risk is to high.
In your posts you replaced your domain with BLABLA so I can not see if the paths are really correct. Please make sure that BLABLA is a normal domain name like example.com completely in lower case. Linux is case sensitive, so a path /var/www/Domain.com/ is a completely different directory then /var/www/domain.com/
Yes, I am aware of that. Capitals seemed to be a good way to emphasize that it is just a placeholder.
Did the chmod in an act of desparation a while ago. Sadly no change. One step closer: The problem seems to be that the process can not create a file with fopen($file,'wb') If the targeted file exists than there is no problem.
Then it must be a permission problem of that directory. Please post the output of: ls -la /var/www/BLABLA/web/typo3temp/llxml/
I think I am ok there: Code: server:/# ls -la /var/www/BLABLA/web/typo3temp/llxml/ | more total 12152 drwxrwxrwx 2 web4 client4 98304 2010-03-03 22:22 . drwxrwxrwx 11 web4 client4 20480 2010-03-03 22:22 .. -rwxrwxrwx 1 web4 client4 915 2008-10-22 15:57 alt_doc.xml_252cd6585d.default.iso-8859-1.cache -rwxrwxrwx 1 web4 client4 979 2008-02-12 13:10 alt_doc.xml_252cd6585d.de.iso-8859-1.cache -rwxrwxrwx 1 web4 client4 979 2008-01-29 11:36 alt_doc.xml_2ab5fdf6ac.de.iso-8859-1.cache . . and so on
Ok, it seems to reject only absolute paths. It works fine with relative paths. But since I really do not intend to rewrite the TYPO3 sources I am going to accept my fate and go without open_basedir for now. I will let you know when I find a real solution. Thanks for bearing with me for so long.
If you use the symlink setup, in ISPConfig3 you need extend the content of the php-openbasedir line for the website with: :/var/www/typo3_src-4.3.3 In case your TYPO3 version 4.3.3 source is at /var/www/typo3_src-4.3.3. Then you can run TYPO3 with a central source with FAST-CGI enabled for example.
