php5_cgi php.ini

alexey.world

Verified User
Joined
Apr 15, 2007
Messages
12
1) What would the value of "open_basedir" look like for "php5-cgi" (suPHP)?
2) What is the right way to configure the user php.ini file for php5-cgi suPHP? To be more specific: we need an independent php.ini file for every user, set up so that the user can't manipulate that file.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,341
Location
LT, EU
Why do you need open_basedir for it? suPHP doesn't allow going outside the directory (unless other files are owned by the same user). If you use the system() function, it doesn't look at the open_basedir value, because it can execute any ssh command. About the php.ini file: you can set anything you want in /usr/local/suphp/etc/suphp.conf. Good luck!
 

alexey.world

Verified User
Joined
Apr 15, 2007
Messages
12
Any user can view any file outside his directory:

<?php
readfile('/etc/passwd');
?>


System: apache 1.3, suphp (php-cgi 5)
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,341
Location
LT, EU
alexey.world, not any. /etc/passwd is world-readable. Try to read something like /home/otheruser/domains/otherdomain.com/public_html/config.php :)
 

PauGasol

Verified User
Joined
Feb 3, 2004
Messages
166
That also works. I don't understand anything. I have php5 with cgi suphp, but I think this is an open hole. Why is it possible that /home/oneuser/public_html/ can read all files on the server? Not only /etc/passwd: if I put /home/otheruser/public_html/config.php in the readfile function, I can see all the source code of the PHP file.

I have tried with open_basedir off and on, and it is the same...

Help
 

jackc

Verified User
Joined
Jan 19, 2007
Messages
347
Can you provide a user_create_post.sh script that adds a php.ini file into /home/username/php.ini and sets the open_basedir value?
I think the script should be added with custombuild.
 

jackc

Verified User
Joined
Jan 19, 2007
Messages
347
I don't know how to replace the default open_basedir with /home/username/.
 

iceuk626

Verified User
Joined
May 6, 2006
Messages
261
Location
United Kingdom
I would suggest:

Code:
perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/' /home/$username/php.ini
Try this:
#!/bin/sh

# Default php.ini location
DEFPHPINI=/usr/local/etc/php5/cgi/php.ini

# PHP.ini user location
USERPHPINI=/home/$username/php.ini

cp $DEFPHPINI $USERPHPINI

perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/' $USERPHPINI

chown root:root $USERPHPINI
 

jackc

Verified User
Joined
Jan 19, 2007
Messages
347
Thanks, will try, then post the result.

BTW, when deleting that user, is the php.ini going to be deleted as well, since it's owned by root:root?
 

iceuk626

Verified User
Joined
May 6, 2006
Messages
261
Location
United Kingdom
Yes, the system will delete it OK.

The $username variable in the perl line does not work!

This works fine:
#!/bin/sh

# Default php.ini location
DEFPHPINI=/usr/local/etc/php5/cgi/php.ini

# PHP.ini user location
USERPHPINI=/home/$username/php.ini

cp $DEFPHPINI $USERPHPINI

#### Cant get this to work!!!
#### perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/g' $USERPHPINI

# Temp fix to insert path into php.ini
echo "open_basedir =/home/$username" >> $USERPHPINI

chown root:root $USERPHPINI
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,341
Location
LT, EU
iceuk626, it does :) Just change
Code:
perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/g' $USERPHPINI
With:
Code:
perl -pi -e "s/;open_basedir =/open_basedir =\/home\/$username/g" $USERPHPINI
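
Added example, not part of the thread and not DirectAdmin's own script: a way to set the value that does not depend on shell or Perl quoting, handles a commented, already-set or missing open_basedir line, and can be re-run without creating duplicates. The function names are hypothetical; the commented call at the end assumes the $username variable used in the scripts above.

```shell
#!/bin/sh
# Added example; set_open_basedir and active_open_basedir are hypothetical names.

# set_open_basedir INI_FILE DIR
# Collapse every open_basedir line (active or ';'-commented) into one active
# line, or append one if the file has none. Safe to run repeatedly.
set_open_basedir() {
    ini=$1
    # Trailing slash: older PHP 5 releases treat the value as a string
    # prefix, so /home/bob would also allow /home/bobby.
    OB_DIR=${2%/}/
    # Temp file in the same directory so the final mv is a rename.
    tmp=$(mktemp "$ini.XXXXXX") || return 1
    # Passing the path through ENVIRON means '/' needs no escaping and
    # nothing depends on single versus double quotes.
    OB_DIR=$OB_DIR awk '
        /^[ \t]*;?[ \t]*open_basedir[ \t]*=/ {
            if (!done) { print "open_basedir = " ENVIRON["OB_DIR"]; done = 1 }
            next
        }
        { print }
        END { if (!done) print "open_basedir = " ENVIRON["OB_DIR"] }
    ' "$ini" > "$tmp" || { rm -f "$tmp"; return 1; }
    # mktemp creates the file 0600; PHP runs as the user and must read it.
    chmod 644 "$tmp" && mv "$tmp" "$ini"
}

# active_open_basedir INI_FILE
# Print the value of each uncommented open_basedir line, one per line,
# so the result can be checked after the edit.
active_open_basedir() {
    sed -n 's/^[[:space:]]*open_basedir[[:space:]]*=[[:space:]]*//p' "$1"
}

# In user_create_post.sh this would be called after the cp, for instance:
#   set_open_basedir "/home/$username/php.ini" "/home/$username"
#   chown root:root "/home/$username/php.ini"
```

Because the user owns /home/$username, a root-owned php.ini in that directory can still be renamed or replaced by that user; keeping per-user ini files in a root-owned directory avoids this.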
 

iceuk626

Verified User
Joined
May 6, 2006
Messages
261
Location
United Kingdom
All works fine apart from anything in /var/www/html.

Everything I use is chowned to webapps:webapps.

What php.ini does /var/www/html use? When I uncomment suPHP_ConfigPath /usr/local/etc/php5/cgi/ in the suphp httpd conf, all works fine again, but everything goes back to the default php.ini.
 