Mod-PHP & open_basedir problem

Hi, there seems to be "funny" problem with mod-PHP and open_basedir

When adding new page and enabling php with Mod-PHP, ISPConfig set open_basedir to 3 different folder (example: /var/www/clients/client2/web4/web:/var/www/clients/client2/web4/tmp:/usr/share/php)

But when you visit that web page you get an error:
Warning: Unknown: open_basedir restriction in effect. File(/var/www/clients/client2/web4/web/j2me.php) is not within the allowed path(s): () in Unknown on line 0 Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0 Fatal error: Unknown: Failed opening required '/var/www/poraba.com/web/j2me.php' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0

When I add '/var/www/poraba.com/web/' to open_basedir list everything works fine. It looks like that open_basedir don't recognize links.

And there's another problem connected with that. When you add page with Mod-PHP, and try to open phpmyadmin, you get the same error.
I added 'php_admin_value open_basedir none' to /etc/apache2/conf.d/phpmyadmin.conf and now everything works ok.

 

Dear all

Same problem..

I am having trouble in having my SquirrelMail and PHPMyAdmin running.

Trying to tackle the SquirrelMail first, I have thus -

Code:

php_admin_value open_basedir /var/www/clients/client1/web1/web:/var/www/clients/client1/web1/tmp:/usr/share/php5:/usr/share/squirrelmail

It didn't work.. Instead, I disabled "php_admin_value open_basedir" altogether and it works!!

What would be the implications if I do away with "php_admin_value open_basedir"?

What should I do to retain it and yet have my shared apps working?

If I modify "/usr/local/ispconfig/server/conf/vhost.conf.master", how do I refresh the whole setup and have it's changes reflected to all accounts in my system?

I setup my system following howtoforge's howto for centos5.2

Thank you in advance!


Regards

Maulvi

 

Squirrelmail, Mod-PHP, and open_basedir Problem

Same Problem:

Environment:

ISPConfig 3.0.1.5 from SVN - Perfect Server Setup Debian Lenny 5.0.3 (AMD64)
(however, same problem before in ISPConfig 3.0.1.4 stable)

Conventions used below:

hostname: mymachine.example.com (xxx.xxx.xxx.80)

Sitenames:
example1.com (xxx.xxx.xxx.101)
example2.com (xxx.xxx.xxx.102)
example3.com (xxx.xxx.xxx.103)
example4.com (xxx.xxx.xxx.104)

All sites running with Mod-PHP.


What have I done?
If mymachine.example.com is set to “*” and not to a dedicated IP then squirrelmail is accessible for this domain.

If mymachine.example.com is set to an dedicated IP (xxx.xxx.xxx.80) then squirrelmail becomes generally not accessible.

Since all other domains shall use squirrelmail, I already created symlinks to /usr/share/squirrelmail in the " web" folders of example1.com – example4.com.

Further I added /usr/share/squirrelmail to the open_basedir directive in /usr/local/ispconfig/server/conf/vhost.conf.master

Code:

<tmpl_if name='php' op='==' value='mod'>

    # mod_php enabled

    AddType application/x-httpd-php .php .php3 .php4 .php5

    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"

    php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp

    php_admin_value session.save_path <tmpl_var name='document_root'>/tmp

<tmpl_if name='security_level' op='==' value='20'>

    php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5:/opt/typo3:/usr/share/squirrelmail

</tmpl_if>

However:

While mymachine.example.com is set to “*” and I call mymachine.example.com/webmail
the welcome screen of squirrelmail is displayed.

But for example1.com/webmail I get following:

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(config/config.php) is not within the allowed path(s): (/var/www/clients/client1/web6/web:/var/www/clients/client1/web6/tmp:/usr/share/php5:/opt/typo3:/usr/share/squirrelmail) in /usr/share/squirrelmail/index.php on line 15

ERROR: Config file "config/config.php" not found. You need to configure SquirrelMail before you can use it.


Does anyone have a suggestion what is going wrong?

PS: Target is still to have mymachine.example.com not on "*", since I want to install an SSL certificate there which matchs multiple subdomains. (not a wildcard, just a cert with some alias names for mymachine.example.com, service1.example.com, service2.example.com,...)

 

If you still want to keep the old way of accesing the webmail through http://your-vhost-url/webmail/ or if your users are used to accesing their webmail through http://your-vhost-url/webmail/ you can use the apache Redirect directive.

If your server name is for example hosting.your-domain.com (i'm talking here about the ispconfig 3 server name) when you install squirrelmail it'll make an alias "webmail" under your document root. Rename that alias to wmail.

Place the following somwhere in your apache config:

Redirect /webmail/ http://hosting.your-domain.com/wmail/

*PS: renaming webmail to wmail is useful because otherwise apache would run in to a loop redirecting to /webmail

Hope this helps. The same thing can be done for phpmyadmin if you want to give your users acces to phpmyadmin using http://your-vhost-url/phpmyadmin/.