php5_cgi php.ini

alexey.world

1) What would the value of "open_basedir" look like for "php5-cgi" (suPHP)?
2) What is the right way to configure the user php.ini file for php5-cgi suPHP? To be more specific: we need an independent php.ini file for every user, set up so that the user can't do any manipulations with that file.
 
Why do you need open_basedir for it? suPHP doesn't allow going outside the directory (unless other files are owned by the same user). If you use the system() function, it doesn't look at the open_basedir value, because it can execute any ssh command. About the php.ini file: you can set anything you want in /usr/local/suphp/etc/suphp.conf. Good luck!
 

any user can view any file outside his directory

<?php
readfile('/etc/passwd');
?>


system
apache 1.3 suphp(php-cgi 5)
 
alexey.world, not any. /etc/passwd is world-readable. Try to read something like /home/otheruser/domains/otherdomain.com/public_html/config.php :)
 

That also works. I don't understand anything. I have php5 with CGI suPHP, but I think that is an open hole. Why is it possible that /home/oneuser/public_html/ can read all files on the server? Not only /etc/passwd: if I put /home/otheruser/public_html/config.php in the readfile function, I can see all the source code of the PHP.

I have tried with open base dir both off and on, and it's the same...

Help
 
Can you provide a user_create_post.sh script that adds a php.ini file into /home/username/php.ini and sets the open_basedir value?
I think the script should add with custombuild.

I don't know how to replace the default open_basedir with /home/username/

I would suggest

Code:
perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/' /home/$username/php.ini

try this:
#!/bin/sh

# Default php.ini location
DEFPHPINI=/usr/local/etc/php5/cgi/php.ini

# PHP.ini user location
USERPHPINI=/home/$username/php.ini

cp $DEFPHPINI $USERPHPINI

perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/' $USERPHPINI

chown root:root $USERPHPINI
 
Thanks, will try, then post the result.

Btw, when deleting that user, is the php.ini going to be deleted as well, since it's root:root?
 
Yes the system will delete it ok

The $username variable in the perl line does not work!

This works fine:
#!/bin/sh

# Default php.ini location
DEFPHPINI=/usr/local/etc/php5/cgi/php.ini

# PHP.ini user location
USERPHPINI=/home/$username/php.ini

cp $DEFPHPINI $USERPHPINI

#### Cant get this to work!!!
#### perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/g' $USERPHPINI

# Temp fix to insert path into php.ini
echo "open_basedir =/home/$username" >> $USERPHPINI

chown root:root $USERPHPINI
 
iceuk626, it does :) Just change
Code:
perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/g' $USERPHPINI

With:
Code:
perl -pi -e "s/;open_basedir =/open_basedir =\/home\/$username/g" $USERPHPINI
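
A hardened variant of the script worked out above, as an added example that is not part of the thread or any poster's code: it quotes every path, validates the home directory, and replaces any existing open_basedir line instead of relying on the ";open_basedir =" pattern. The function name write_user_phpini is hypothetical; the paths are the ones quoted in the thread, and $username is assumed to be supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): hardened per-user php.ini writer.
# Assumption: $username is supplied by the caller, as in the thread's scripts.

# write_user_phpini DEFAULT_INI USER_INI HOME_DIR
write_user_phpini() {
    def_ini=$1 user_ini=$2 home_dir=$3

    # Absolute path, no "..", and only plain characters: ":" would add a
    # second allowed path and a newline would inject another directive.
    case $home_dir in
        /*) ;;
        *) echo "home dir must be absolute: $home_dir" >&2; return 1 ;;
    esac
    case $home_dir in
        *[!A-Za-z0-9/._-]*|*..*)
            echo "unsafe home dir: $home_dir" >&2; return 1 ;;
    esac
    [ -r "$def_ini" ] || { echo "cannot read $def_ini" >&2; return 1; }

    # Build the file next to its destination, then rename it into place.
    tmp=$(mktemp "$user_ini.XXXXXX") || return 1

    # Drop every existing open_basedir line, commented or not, and append one
    # active line, so the result does not depend on the default file's layout.
    # Where PHP treats the value as a prefix, the trailing slash keeps
    # /home/bob from also covering /home/bobby.
    {
        sed '/^[[:space:]]*;*[[:space:]]*open_basedir[[:space:]]*=/d' "$def_ini"
        printf 'open_basedir = %s/\n' "$home_dir"
    } > "$tmp" || { rm -f "$tmp"; return 1; }

    chmod 644 "$tmp" || { rm -f "$tmp"; return 1; }
    # root:root as in the thread (numeric form); skipped when not run as root.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$user_ini"
}

# Runs only when the caller has set $username.
if [ -n "${username:-}" ]; then
    write_user_phpini /usr/local/etc/php5/cgi/php.ini \
        "/home/$username/php.ini" "/home/$username"
fi
```

If /home/$username is itself writable by the user, root ownership of the file does not stop the user renaming it and creating a replacement, so a directory the user cannot write to is the safer location.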
 
All works fine apart from anything in /var/www/html

Everything I use is chowned to webapps:webapps

What php.ini does /var/www/html use? When I uncomment suPHP_ConfigPath /usr/local/etc/php5/cgi/ in the suphp httpd conf, all works fine again, but everything goes back to the default php.ini.
 