1

I have a web server (Debian, Nginx) with multiple sites written in PHP. For security reasons, I'm restricting each site with open_basedir by specifying it as fastcgi_param in the Nginx configuration:

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_index  index.php;
    fastcgi_pass   unix:/var/run/php5-fpm.sock;
    include        fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  SCRIPT_NAME      $fastcgi_script_name;
    fastcgi_param  PHP_VALUE "open_basedir=$document_root";
}

This does however complicate file uploads from frontend, as the default temporary directory (upload_tmp_dir) is outside the open_basedir. The optimal solution would be to add it as another fastcgi_param:

fastcgi_param PHP_VALUE "upload_tmp_dir=$document_root/wp-content/tmp";

This doesn't work, though, as it seems like upload_tmp_dir must be set in php.ini - which wouldn't work with my multiple sites.

How can I solve this and still maintain the open_basedir?

Ivar
  • 4,344
  • 6
  • 38
  • 53
  • What about making each site upload path inside a main tmp path? Or keep them all at the same tmp place but use some unique value for each site for creating tmp files. – itpp13 Jun 16 '15 at 20:32
  • But if `open_basedir` is `/var/www/site1` and `/var/www/site2`, how should they share `upload_tmp_dir`? :-) – Ivar Jun 17 '15 at 06:43
  • No idea how, was just a translucent thought :) what about a symlink? hmm this should also be possible: php_admin_value open_basedir /var/www/html/:/usr/local/php/tmp/ where tmp is then shared across sites. – itpp13 Jun 17 '15 at 07:56

0 Answers0