Set PHP's open_basedir for all users' public_html via mod_userdir

Question

I have an Apache 2 web server that allows access to the public_html directory for each user via mod_userdir, like this:

<IfModule mod_userdir.c>
    UserDir public_html
    UserDir disabled root

    <Directory /home/*/public_html>
        # [*] configuration here
    </Directory>
</IfModule>

I would like to additionally configure PHP's open_basedir directive to forbid file access outside the user's homedir. For user jim, the directive would be

php_admin_value open_basedir "/home/jim/"

Question: Does Apache offer a way to do this through a variable at the spot marked [*] above, something like the following?

    <Directory /home/*/public_html>
        php_admin_value open_basedir "${APACHE_CURRENT_DIRECTORY}"
    </Directory>

I guess the above would then use `/home/jim/public_html` instead of `/home/jim`, so I'd have to write something like `"${APACHE_CURRENT_DIRECTORY}/.."`. — oliphaunt, May 08 '13 at 13:07
What do you mean by outside of the user home dir? Parent dir, children, or something else? Also, what is APACHE_CURRENT_DIRECTORY? — Boris, Dec 19 '13 at 22:36

Boris · Answer 1 · 2013-12-22T03:00:22.597

0

I don't know much about mod_php, but this should work. I assume that your APACHE_CURRENT_DIRECTORY variable is supposed to point to the current directory context, so just placing a "." will take care of it (unless mod php doesn't behave). Let me know how it goes.

<Directory /home/*/public_html>
  php_admin_value open_basedir "."
</Directory>

edited Dec 22 '13 at 03:00

answered Dec 19 '13 at 23:47

Boris

2,275
20
21

Set PHP's open_basedir for all users' public_html via mod_userdir

1 Answers1