How to extract Zip archive located under different user directory in ISPConfig 3

Question

I face the problem with extracting the .zip archive located under different user web/ directory. Let me explain: I have 2 websites both written on pure php. First website i use to manage Second. Every client on Second website has his own folder located in root with similar code but different configs. It looks like this:

Second website

...
/var/www/clients/client0/web2/web/client1/...
/var/www/clients/client0/web2/web/client2/...
...

Like you understand owner of this files is user: web2 and group: client0

And First website location:

...
/var/www/clients/client0/web1/web/...
...

Owner of this files is user: web1 and group: client0

What I'm trying to do is to extract zip archive at Second webroot directory while working on my backend on First website when create a new client.

Here is the code i tried(this works perfect on my localhost when user: www-data and group: www-data):

...
if (!file_exists('/var/www/clients/client0/web2/web/' . $_POST['storeid'])) {
    $zip = new ZipArchive;
    $dir = '/var/www/clients/client0/web2/web/';
    $install_dir = $dir . 'backup/';

    $res = $zip->open($install_dir . 'client_install.zip');

    if ($res === TRUE) {

        //Try to execute

        $zip->extractTo($dir . $_POST['storeid'] . '/'); //var/www/clients/client0/web2/client2

        $zip->close();

        //Set permitions on new store folder
        chmod_r($dir . $_POST['storeid'], 0755, 0644);

        echo "\nExtracted successfully to " . $dir;
        die();
    } else {
        echo "Failed to open zip: " . $dir . "client_install.zip" . " \n";
        die();
    }
}
...

At the time when i run this code i get message:

Failed to open zip: /var/www/clients/client0/web2/web/backup/client_install.zip

I know it may be related to user permissions. How can solve this considering keeping same ISPConfig environment and user permissions.

Update:

Here is the error log message:

PHP Warning: ZipArchive::open(): open_basedir restriction in effect. File(/var/www/clients/client0/web2/web/client1/backup/client_install.zip) is not within the allowed path(s):(/var/www/clients/client0/web1/web:/var/www/clients/client0/web1/private:/var/www/clients/client0/web1/tmp:/var/www/test.site.com/web:/srv/www/test.site.com/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin) in /var/www/clients/client0/web1/web/process.php on line 261.

My question may sound stupid, so I'm sorry in advance. But can a change in the entry in a particular website of open_basedir option affect the performance of the entire server, or the inability of Apache to restart. My question is because my test website is located on a server with production sites. And I would not want to make these changes without initial consultation. So I think I need to add a new path to the open_basedir site parameter. People who know how this option works specifically, please respond to this post. Thanks in advance.

That's the message you've written. It illustrates that `$res` is not `true`. What is it then? — Álvaro González, Jan 16 '20 at 18:52
Not even an error code. That's weird. Do you have access to full error reporting messages? Some times when random file system functions fail you get a warning with some info. — Álvaro González, Jan 16 '20 at 18:57
I will check on the server apache log right now, but i also check `if (!file_exists(...` that means that php worker has access to this directory correct? or `file_exist` return false even if it does not have the rights to check? — Serghei Leonenco, Jan 16 '20 at 19:04
`open_basedir` is not an optimisation of any kind. It's a last resort security mechanism for shared hosting that doesn't apply restrictions on OS level. And it seems it's working nicely in your case :) — Álvaro González, Jan 26 '20 at 10:32

How to extract Zip archive located under different user directory in ISPConfig 3

0 Answers0