mod_fcgid: stderr: PHP Warning: is_dir(): open_basedir restriction in effect

Hello,

I have a bunch of servers with 3 drives: 25GB for the Debian6/7 OS and 2 1TB drives for site content/backup. I folllowed these instructions:

https://www.howtoforge.com/use_moun...ctory_of_a_ispconfig_server_to_a_new_location

All seemed to be working fine until I installed the "amember_remote" script which attempts to protect a directory/folder. The script is at the same level as the directory I am attempting to protect, both are in web (web/amember_remote and web/members) ... I can not "bounce up" (get into) the web directory in order to select members for protection and error log shows:

[Wed Feb 25 00:42:36 2015] [warn] [client 97.80.178.92] mod_fcgid: stderr: PHP Warning: is_dir(): open_basedir restriction in effect. File(/var/www/clients/client23/web39) is not within the allowed path(s): (/var/www/clients
/client23/web39/web:/var/www/clients/client23/web39/private:/var/www/clients/client23/web39/tmp:/var/www/DOMAIN_NAME_4/web:/srv/www/DOMAIN_NAME_4/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/
var/lib/phpmyadmin) in /var/www/clients/client23/web39/web/amember_remote/controllers/AdminController.php on line 254, referer: http://DOMAIN_NAME_4/amember_remote/admin/protect

Here's my server's setup:

root@server_name:/home/www# more /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/xvda2 during installation
UUID=4877a283-0f1e-4bde-8a0a-97b7e9b92a3e / ext3 errors=remount-ro,noatime 0 1
# /boot was on /dev/xvda1 during installation
UUID=6d14d427-c3b2-4b7d-915b-37dece24913a /boot ext3 defaults,noatime 0 2
LABEL=SWAP-xvdb1 swap swap defaults 0 0
/dev/xvdc /home ext3 errors=remount-ro,noatime,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 3
/dev/xvde /backups ext3 errors=remount-ro,noatime 0 4
/home/www /var/www none bind,nobootwait,_netdev 0 0
#
/var/log/ispconfig/httpd/DOMAIN_NAME_1 /var/www/clients/client23/web6/log none bind,nobootwait,_netdev 0 0
/var/log/ispconfig/httpd/DOMAIN_NAME_2 /var/www/clients/client23/web13/log none bind,nobootwait,_netdev 0 0
/var/log/ispconfig/httpd/DOMAIN_NAME_3 /var/www/clients/client23/web39/log none bind,nobootwait,_netdev 0 0
/var/log/ispconfig/httpd/DOMAIN_NAME_4 /var/www/clients/client23/web45/log none bind,nobootwait,_netdev 0 0

root@server_name:/home/www# df
Filesystem 1K-blocks Used Available Use% Mounted on
rootfs 25555836 2738220 21519440 12% /
udev 10240 0 10240 0% /dev
tmpfs 205288 164 205124 1% /run
/dev/disk/by-uuid/4877a283-0f1e-4bde-8a0a-97b7e9b92a3e 25555836 2738220 21519440 12% /
tmpfs 5120 0 5120 0% /run/lock
tmpfs 829860 0 829860 0% /run/shm
/dev/xvda1 240972 34480 194051 16% /boot
/dev/xvdc 774092544 124258448 610512496 17% /home
/dev/xvde 774092544 718756916 16014028 98% /backups
/dev/xvdc 774092544 124258448 610512496 17% /var/www
/dev/disk/by-uuid/4877a283-0f1e-4bde-8a0a-97b7e9b92a3e 25555836 2738220 21519440 12% /var/www/clients/client23/web6/log
/dev/disk/by-uuid/4877a283-0f1e-4bde-8a0a-97b7e9b92a3e 25555836 2738220 21519440 12% /var/www/clients/client23/web13/log
/dev/disk/by-uuid/4877a283-0f1e-4bde-8a0a-97b7e9b92a3e 25555836 2738220 21519440 12% /var/www/clients/client23/web39/log
/dev/disk/by-uuid/4877a283-0f1e-4bde-8a0a-97b7e9b92a3e 25555836 2738220 21519440 12% /var/www/clients/client23/web45/log

root@server_name:/var/www# ls -la
total 36
drwxr-xr-x 8 root root 4096 Feb 23 13:33 .
drwxr-xr-x 12 root root 4096 Feb 19 13:59 ..
drwxr-xr-x 2 ispapps ispapps 4096 Feb 4 20:03 apps
lrwxrwxrwx 1 root root 31 Feb 4 23:17 DOMAIN_NAME_1 -> /var/www/clients/client23/web6/
drwxr-xr-x 3 root root 4096 Feb 4 23:17 clients
drwxr-xr-x 3 root root 4096 Feb 27 03:05 conf
lrwxrwxrwx 1 root root 32 Feb 5 20:41 DOMAIN_NAME_2 -> /var/www/clients/client23/web13/
lrwxrwxrwx 1 root root 32 Feb 16 12:50 DOMAIN_NAME_3 -> /var/www/clients/client23/web39/
-rw-r--r-- 1 root root 177 Feb 4 15:36 index.html
drwx------ 2 root root 4096 Feb 4 13:17 lost+found
drwxr-xr-x 7 root root 4096 Feb 23 13:33 php-fcgi-scripts
lrwxrwxrwx 1 root root 32 Feb 23 13:33 DOMAIN_NAME_4 -> /var/www/clients/client23/web45/
drwxr-xr-x 2 root root 4096 Feb 27 06:27 webalizer

root@server_name:/home# ls -la
total 28
drwxr-xr-x 3 root root 4096 Feb 19 14:01 .
drwxr-xr-x 25 root root 4096 Feb 19 13:40 ..
-rw------- 1 root root 8192 Feb 27 09:38 aquota.group
-rw------- 1 root root 8192 Feb 27 09:38 aquota.user
drwxr-xr-x 8 root root 4096 Feb 23 13:33 www

root@server_name:/home/www# ls -la
total 36
drwxr-xr-x 8 root root 4096 Feb 23 13:33 .
drwxr-xr-x 3 root root 4096 Feb 19 14:01 ..
drwxr-xr-x 2 ispapps ispapps 4096 Feb 4 20:03 apps
lrwxrwxrwx 1 root root 31 Feb 4 23:17 DOMAIN_NAME_1 -> /var/www/clients/client23/web6/
drwxr-xr-x 3 root root 4096 Feb 4 23:17 clients
drwxr-xr-x 3 root root 4096 Feb 27 03:05 conf
lrwxrwxrwx 1 root root 32 Feb 5 20:41 DOMAIN_NAME_2 -> /var/www/clients/client23/web13/
lrwxrwxrwx 1 root root 32 Feb 16 12:50 DOMAIN_NAME_3 -> /var/www/clients/client23/web39/
-rw-r--r-- 1 root root 177 Feb 4 15:36 index.html
drwx------ 2 root root 4096 Feb 4 13:17 lost+found
drwxr-xr-x 7 root root 4096 Feb 23 13:33 php-fcgi-scripts
lrwxrwxrwx 1 root root 32 Feb 23 13:33 DOMAIN_NAME_4 -> /var/www/clients/client23/web45/
drwxr-xr-x 2 root root 4096 Feb 27 06:27 webalizer

I have added /home/www/DOMAIN_NAME_4/web to the open_dir statement on the ISPConfig Option tab ... doesn't help ... I have manually editted the site's apache conf only to get a 403 "You aren't authorized" message. I switched over to suPHP only to get yet another error message

I believe the symlinks are the issue ... and at this point I am not sure how to fix this.

Any help the Forum can provide is appreciated.

Thank you.

 

I appreciate the reply ...

If I upload the script to "web/amember_remote" and kick off the script, I get directory list:

/ var / www / clients / client23 / web39 / web / amember_remote

when I click on the Protect Folders link, clicking on the web link go up a level, gets a:

[Fri Feb 27 14:21:28 2015] [warn] [client 97.80.178.92] mod_fcgid: stderr: PHP Warning: is_dir(): open_basedir restriction in effect. File(/var/www/clients/client23/web39) is not within the allowed path(s): (/var/www/clients/client23/web39/web:/home/www/clients/client23/web39/web:/var/www/clients/client23/web39/private:/var/www/clients/client23/web39/tmp:/var/www/DOMAIN_NAME/web:/srv/www/DOMAIN_NAME/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin) in /var/www/clients/client23/web39/web/members/amember_remote/controllers/AdminController.php on line 254, referer: http://DOMAIN_NAME/amember_remote/admin/protect

If I upload the script to "web/members/amember_remote" and kick off the script, I get the directory list:

/ var / www / clients / client23 / web39 / web / members / amember_remote

when I click on the Protect Folders link, clicking on the members link go up a level, I go up one level ... and if I click on the web link, I get the open_basedir error.

There is something about that web directory, the config statements or the symlinks which is causing an issue with fcgi and this amember_remote script.

Contacting the Developers was my next step ... the main script doesn't have this problem.

Thanks again.