0

I'm trying to change a text file located inside the /etc/nginx directory via php. I'm using fopen() to do this, however, I cannot access any directory outside my websites root folder.

For example, I have my website stored in the absolute path: /webroot/mywebsite/ and if I attempt to read anything outside that folder, like /etc/nginx, fopen() dies.

  • I have tried just using ../../etc/nginx but it cannot find it
  • I have tried running PHP as root
  • I have tried adding the user 'http' to the root group
  • I have tried setting the open_basedir variable in php.ini
  • I have tried symlinking the /etc folder to the /webroot folder, but it cannot find it
  • I have checked my Nginx config and all php configs are not overriding open_basedir
  • I have confirmed the php.ini I am editing does in fact change in phpinfo();
  • I have NOT tried chmodding the root directory of my Arch install. I fear this will break something

When I echo out realpath("index.php") it returns "/webroot/mywebsite/index.php"

This is how I've been confirming if I have access to my root directory, but it has not changed. I have no idea what else I can try. My old Debian install let me just use the absolute path. This is my new Arch install and this is the first time I've experienced this. I suspect it may be a permission issue, but I do not want to mas modify my entire OS root. Any other suggestions? Thanks

Syllith
  • 189
  • 10
  • And for the record, when I set open_basedir, I have tried setting it to just /, ../, and just commenting it out. No change – Syllith Jun 17 '20 at 01:34
  • I suppose Apache (or whatever web server you're using) has an extension installed that limits the access of scripts. That is very common in shared web hosts, so that clients can't have access to each other's files. – Havenard Jun 17 '20 at 01:36
  • I checked my nginx.conf and the php-fpm snippets but nothing mentions anything about the root dir – Syllith Jun 17 '20 at 01:40
  • https://www.php.net/manual/en/function.chroot.php – Havenard Jun 17 '20 at 01:41
  • PHP-FPM has some feature like that to enable secure webspaces as well. – Havenard Jun 17 '20 at 01:43
  • I have just set chroot in www.conf to /, but I'm still returning the same incomplete path "/webroot/mywebsite/index.php" and fopen cannot find the file located in /etc/nginx – Syllith Jun 17 '20 at 01:51

1 Answers1

1

Well. I'm very surprised I was not able to find this answer after literally 4 hours of googling but here it is. Hopefully I save someone the trouble.

The problem was located here: /lib/systemd/system/php-fpm.service

Find the line "ProtectSystem=full" and set it to "false". Ta-da, I now have access everywhere.

Syllith
  • 189
  • 10