I'm running Apache/2.2.14 (Ubuntu) and PHP 5.3.2-1ubuntu4.10.

I would like to define open_basedir rules in /etc/apache2/httpd.conf that apply to all vhosts, but also define additional directories on a per-vhost basis (via the ISPConfig interface).

The problem I'm having is that open_basedir inheritance does not seem to behave as described in the PHP manual. From the manual ( http://php.net/manual/en/ini.core.php ): I have not found this to be the case.

In /etc/apache2/httpd.conf I have:

Code:
<Directory /var/www/>
    AllowOverride All
    Order allow,deny
    Allow from all
    php_admin_value open_basedir "/dev/urandom:/usr/share/php"
</Directory>

And in the "Apache Directives" box for the vhost in question, I have:

Code:
<Directory /var/www/example.com>
    php_admin_value open_basedir "/var/www/example.com/tmp:/var/www/example.com/web"
</Directory>

Yet, when I view the output from phpinfo() from within a script at /var/www/example.com/web/info.php, the directories listed for open_basedir are:

Code:
/var/www/dev.level8ds.com/tmp:/var/www/dev.level8ds.com/web

So, the open_basedir directories that are defined in /etc/apache2/httpd.conf are not being inherited, but rather, they are being overwritten.

This is the behavior that I have observed and documented:

Firstly, directives prepended with "php_admin_*" cannot be modified with subsequent definitions (even if they contain the php_admin_* prefix); they are final.

Similarly, directives defined with php_admin_* will OVERWRITE any previous directives (even if they contain the php_admin_* prefix).

Further, directives defined with php_* have no effect if the equivalent php_admin_* directive has been defined (either before or after).

Finally, php_admin_* directives will overwrite their php_* equivalents.

Has anyone else encountered this issue? Thanks in advance...
The PHP documentation is misleading. Apparently, the statement means that if the open_basedir directive is defined as such

Code:
<Directory /var/www/example.com>
    php_value open_basedir "/tmp:/var/www/example.com/web"
</Directory>

then a script in /var/www/example.com/web will have access to /tmp.

It does NOT mean that more specific open_basedir values may be defined for child directories to create a "cascading" or "stacking" effect. So, adding to the above directive something like

Code:
<Directory /var/www/example.com/web/modules>
    php_value open_basedir "/var/www/example.com/protected/includes"
</Directory>

will NOT make the effective open_basedir for /var/www/example.com/web/modules

"/tmp:/var/www/example.com/web:/var/www/example.com/protected/includes"

but rather so doing will OVERWRITE the parent directory's open_basedir definition and make the effective open_basedir

"/var/www/example.com/protected/includes"

It seems prudent to open a bug report for the PHP documentation and request that this statement be clarified.
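An added example, not part of the original thread: a small Python audit sketch that models the replace-not-merge behaviour described in the posts above, reports which global open_basedir paths a more specific <Directory> block drops, and builds the combined value that restates them. The function names, the regex-based parsing and the sample configuration (constructed from the blocks quoted in the first post) are assumptions for illustration; it only handles php_admin_value lines inside <Directory> blocks.

```python
import re

# Constructed sample: the two <Directory> blocks quoted in the first post.
SAMPLE_CONF = """
<Directory /var/www/>
    php_admin_value open_basedir "/dev/urandom:/usr/share/php"
</Directory>
<Directory /var/www/example.com>
    php_admin_value open_basedir "/var/www/example.com/tmp:/var/www/example.com/web"
</Directory>
"""

BLOCK_RE = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)
BASEDIR_RE = re.compile(
    r'^\s*php_admin_value\s+open_basedir\s+"?([^"\n]+?)"?\s*$', re.M | re.I)


def parse_blocks(conf):
    """Map each <Directory> path to the open_basedir path list it sets."""
    blocks = {}
    for directory, body in BLOCK_RE.findall(conf):
        match = BASEDIR_RE.search(body)
        if match:
            blocks[directory.rstrip("/") or "/"] = match.group(1).split(":")
    return blocks


def _covers(directory, path):
    """True if path is the directory itself or lies beneath it."""
    return path == directory or path.startswith(directory.rstrip("/") + "/")


def effective_open_basedir(blocks, script_dir):
    """Replace-not-merge model: the longest matching <Directory> wins outright."""
    matching = [d for d in blocks if _covers(d, script_dir)]
    return blocks[max(matching, key=len)] if matching else []


def dropped_paths(blocks, global_dir):
    """Global paths that each more specific block silently loses."""
    report = {}
    for directory, paths in blocks.items():
        if directory != global_dir and _covers(global_dir, directory):
            lost = [p for p in blocks[global_dir] if p not in paths]
            if lost:
                report[directory] = lost
    return report


def combined_value(blocks, global_dir, vhost_dir):
    """open_basedir string for the vhost block that restates the global paths."""
    extra = [p for p in blocks[vhost_dir] if p not in blocks[global_dir]]
    return ":".join(blocks[global_dir] + extra)
```

Pass the normalised directory (no trailing slash, e.g. "/var/www") as global_dir; the string returned by combined_value is what the per-vhost php_admin_value would need to contain for the global paths to remain allowed.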