0

I need help getting PHP (v5.4.45) errors and permissions working properly after a server was migrated. Some of my sites need to access some files from another domain on the same server.

For example, /var/www/vhosts/planetrockcm.com/httpdocs/test.php might try to include /var/www/vhosts/rock.church/httpdocs/robots.txt using PHP include "/var/www/vhosts/domain1/httpdocs/robots.txt";

In Plesk (v17.5.3) I went into the domain > PHP settings > and modified the open_basedir settings to include /var/www/vhosts/rock.church/httpdocs/ (pic)

I setup an example to show what I'm getting at http://planetrockcm.com/test.php

Here's what test.php has in it:

<?php

  include "/var/www/vhosts/rock.church/httpdocs/robots.txt";

  phpinfo();

?>

Here's the error's I'm getting: (pic)

Warning: include(): open_basedir restriction in effect. File(/var/www/vhosts/rock.church/httpdocs/robots.txt) is not within the allowed path(s): (/var/www/vhosts/planetrockcm.com/:/tmp/:/var/www/vhosts/rock.church/httpdocs/) in /var/www/vhosts/planetrockcm.com/httpdocs/test.php on line 3

Warning: include(/var/www/vhosts/rock.church/httpdocs/robots.txt): failed to open stream: Operation not permitted in /var/www/vhosts/planetrockcm.com/httpdocs/test.php on line 3

It is saying there is an open_basedir restriction. The confusing part to me is that I actually added the path in manually as seen in the error itself.

open_basedir restriction in effect. File(/var/www/vhosts/rock.church/httpdocs/**robots.txt) is not within the **allowed path(s): (/var/www/vhosts/planetrockcm.com/:/tmp/:/var/www/vhosts/rock.church/httpdocs/)

Update: I have followed this post from support.plesk.com to ensure open_basedir is set to none on all the domains. After running this I was no longer getting the open_basedir restriction warning, only the failed to open stream: Permission denied warning. (pic)

I also confirmed that SELinux is disabled. (pic)

Permissions for var/www/vhosts/rock.church/httpdocs/ 755 drwxr-xr-x 10 rockchadmin 4.0K Feb 22 01:34 httpdocs/ (pic)

Permissions for var/www/vhosts/planetrockcm.com/httpdocs/test.php 755 -rw-r--r-- 1 pr_cm_admin 161 Mar 23 19:32 test.php (pic)

I can see that they are owned by different users. I'm not sure if that's the problem.

I'm really grateful for any help getting this resolved or pointing me in the right direction. My host is saying they are not able to help.

michaelespinosa
  • 505
  • 2
  • 5
  • 15
  • Could you comment out the `include` line and just use `phpinfo`, in there please search for "open_basedir" and tell us what the value is. (just to make sure it's set propperly) Additional question, do you have access (ssh) to the commandline of the server – wawa Mar 23 '18 at 23:05
  • @wawa When I check the value it shows /var/www/vhosts/planetrockcm.com/:/tmp/:/var/www/vhosts/rock.church/httpdocs/ (pic - https://www.dropbox.com/s/y6tj1sc1j3aifoz/Screenshot%202018-03-23%2016.32.42.png?dl=0)- I do have ssh access. – michaelespinosa Mar 23 '18 at 23:33
  • In this case check the permissions of the /var/www/vhost/rock.church/httpdocs folder by using `ls -hal /var/www/vhost/rock.church/httpdocs` does php (or apache) has acces to it? – wawa Mar 24 '18 at 00:24
  • It looks like the user does - https://www.dropbox.com/s/zv6wifb5f4nur8n/Screenshot%202018-03-23%2017.48.04.png?dl=0 --- drwxr-xr-x 10 rockchadmin 4.0K Feb 22 01:34 httpdocs/ – michaelespinosa Mar 24 '18 at 00:48
  • What's the output for `ls -hal /var/www/vhosts/planetrockcm.com/httpdocs` are they owned by the same user? Although it seams like every one has read access to that folder. – wawa Mar 24 '18 at 07:51
  • Some older PHP versions were having issues if `open_basedir` includes paths ending with the slash. Try removing it, as in `/var/www/vhosts/planetrockcm.com:/tmp:/var/www/vhosts/rock.church/httpdocs`. – Elvis Plesky Mar 24 '18 at 11:31
  • @wawa They are owned by different users. Actually, the group is different too. – michaelespinosa Mar 26 '18 at 20:21
  • @ElvisPlesky I was actually able to get past the `open_basedir`. Would welcome some help with the permissions. – michaelespinosa Mar 26 '18 at 20:23
  • Are you using something like BSD or CloudLinux which comes with build in protection for the file system? Could you login as one user and try to access the files of the other user, using ssh? Run `sudo su rockchadmin` to get to `rockchadmin` user from a sudo/root user and then run `cat /var/www/vhosts/planetrockcm.com/httpdocs/robots.txt` (`cat` will just output the content of the file to the commandline) – wawa Mar 26 '18 at 21:13
  • @wawa I'm on MediaTemple on a dedicated virtual server that's running on CentOS Linux 7.4.1708 (Core)‬. I am able to `sudo su rockchadmin` and `cat` a files from `/var/www/vhosts/rock.church/httpdocs/` but get permission denied when trying to cat files from `/var/www/vhosts/planetrockcm.com/httpdocs`. When I try to `sudo su pr_cm_admin` the owner of the planetrockcm.com domain it doesn't switch to the account - https://www.dropbox.com/s/i13avnbjqe22u6o/Screenshot%202018-03-26%2015.24.25.png?dl=0 – michaelespinosa Mar 26 '18 at 22:24
  • IMO it's a issue of file reading permissions. I'd suggest asking about it over on serverfault – wawa Mar 26 '18 at 22:27
  • @wawa I'm very appreciative of your help on this. I will pursue this on Serverfault as you've suggested. I'm willing to pay for a solution on this issue and would be interested if you've worked with anyone you'd recommend? – michaelespinosa Mar 26 '18 at 22:38
  • @michaelespinosa Verify that the full path to the file has enough permissions. `/var/`, `/var/www/`, `/var/www/vhosts/`, `/var/www/vhosts/planetrockcm.com/`, `/var/www/vhosts/planetrockcm.com/httpdocs/` should be writeable and executable for `rockchadmin`. – Elvis Plesky Mar 26 '18 at 23:20

0 Answers0