Hello, I am running perfect server 3.2 on ubuntu 20.04 I install 2 nextcloud websites on 2 different servers : - server 1. is related to client0 = admin, - server 2. is related to client1 I had issues with jailkit. So, on that server, installation is 'perfect server without jailkit' On both I installed CollaboraOnLine/RichdocumentsCode (it is an addon), but behavior is different. On server 2, it doesn't work : php-fpm is trying to acces a process outside Openbasedir : /proc/number I dig on CollaboraOnLine/RichdocumentsCode obviously, on server differences also... I want also to dig a little bit on ispconfig side : I wonder what are the differences between a website related to client0 and a website related to client1 ? My initial thought was differences are very small (naming) but may be there are others ?
Add /proc/number to the open_basedir restrictions for that site. (Side note: /proc is not mounted inside a jail, so running php-fpm in chroot mode would not work with this.) In your case, they are on different servers (so could potentially be very different config you set up), and it sounds like one is using jailkit while the other is not.
It tested it. It works well ! I am still trying to understand from where it is coming. Probably, a setup param in CollaboraOnLine/RichdocumentsCode I miss somewhere ! Thanks a lot
No idea, I'm not familiar with /proc/number and it doesn't seem to exist on a couple systems I checked here. Unless by 'number' you mean a numeric value, not the literal string 'number', in which case it's a handle to the running process id - and will change every time the php process does, so you will have to add the whole /proc directory to open_basedir. At that point you may want to pursue your understanding of why it does that and see about disabling that behavior due to security concerns (ie. of php code being allowed access to /proc).
Sorry, for being confusing /proc/number, is /proc/376895 in my case ! It's one of php-fpm process running on my server. I fully share that opening /proc in openbasedir is slightly dangerous ! I am trying to understand why sometimes, it request that, why sometimes no... if I discover, I'll let you know Thanks for your help