The Planet Forums > open

edacsac

Jun 3 2007, 11:52 PM

Hi all,

I have a VPS account here at the planet using plesk and I'm trying to use opendir() and readdir() to read a directory outside of my httpdocs directory.

My httpdocs:
/var/www/vhosts/domain/httdocs

Where I'm trying to go:
/var/qmail/mailnames/domain/info/Maildir/new/

For a test, I'm just trying to back up a couple of directories and list the contents of:

/var/www/vhosts/

I've created a vhost.conf file in:

/var/www/vhosts/domain/conf

that has contained:

php_admin_flag engine on
php_admin_value open_basedir "/var"

or

php_admin_flag engine on
php_admin_value open_basedir /var

or

php_admin_flag engine on
php_admin_value open_basedir /

or

php_admin_flag engine on
php_admin_value open_basedir none

or

php_admin_flag engine on
php_admin_value open_basedir /var/www/vhosts

Hoping I would get access all the way back to /var

Then I run:

/usr/local/psa/admin/bin/websrvmng -a -v
/etc/rc.d/init.d/httpd restart

This is my script:

CODE

$dir = "../../../vhosts";
if (is_dir($dir)) {
	if ($dh = opendir($dir)) {
		while (($file = readdir($dh)) !== false) {
			echo "filename: $file : filetype: " . filetype($dir . $file) . "\n";
		}
		closedir($dh);
	}
}

But each time I refresh the page, I get:

Warning: opendir(): open_basedir restriction in effect. File(../../../vhosts) is not within the allowed path(s)

What am I doing wrong? I've been at this for hours. The instructions I've found seem resonable but they don't work for me.

edacsac

Jun 4 2007, 08:32 AM

Am I in the wrong forum with this question?

Squire

Jun 4 2007, 08:39 PM

I've not tried it, but my hunch would be you're trying to go too deep into the path and running up against chroot permissions. I rather doubt Plesk or any other CP would give the ability to easily override openbase restrictions that far down. It would be a huge security risk.

If you had ultimate control over the server you might be able to create a mount point that links from a folder within your permissiable area on the server to another. I've done something similar with a second drive I use to store several thousand fairly massive files and it works okay, but you're going to need root capabilities for something like that. Without root capabilities I suspect you're going to be SOL trying to go that deep.

edacsac

Jun 5 2007, 10:31 AM

QUOTE (Squire @ Jun 5 2007, 02:39 AM)

I've not tried it, but my hunch would be you're trying to go too deep into the path and running up against chroot permissions. I rather doubt Plesk or any other CP would give the ability to easily override openbase restrictions that far down. It would be a huge security risk.

If you had ultimate control over the server you might be able to create a mount point that links from a folder within your permissiable area on the server to another. I've done something similar with a second drive I use to store several thousand fairly massive files and it works okay, but you're going to need root capabilities for something like that. Without root capabilities I suspect you're going to be SOL trying to go that deep.

Thanks Squire,

I did resolve the open_basedir issue after lots of searching on the issue. But your right; now I've run into permission problems. I had received advice that I could change the owner of the very last folder I intend my script to read from (ie root:apache) and it should work without changing the whole path, but that either did not work or I have not set the permission correctly. If it's the former, then I would need to open up the complete path which I think would 1.) hamper the ability for mail to actually arrive in the mailbox, and 2.) The huge security risk.

Any ideas how to allow a php script to parse email files well outside of the httpdocs directory?