Edit report at http://bugs.php.net/bug.php?id=22181&edit=1
ID: 22181 Updated by: [email protected] Reported by: dragos dot nitu at idilis dot ro Summary: open_basedir and virtual hosting -Status: Open +Status: Closed Type: Feature/Change Request -Package: Feature/Change Request +Package: *General Issues PHP Version: 4.3.0 -Assigned To: +Assigned To: jani Block user comment: N Private report: N New Comment: It's PHP_INI_ALL nowadays. Previous Comments: ------------------------------------------------------------------------ [2004-11-22 13:45:39] creinig at sunsite dot dk Similar problem here: We want to use php with apache2 (mpm_worker) via fastcgi for a shared hosting setup. One solution to securing this is to use mod_suexec to create a separate pool of php instances per virtualhost. But that's eating tons of RAM. If open_basedir (and if possible also safe_mode_include_dir, safe_mode_exec_dir, include_path and upload_tmp_dir) would accept wildcards as described in the original requets, it would be possible to securely use one pool of php instances for all vhosts. ------------------------------------------------------------------------ [2003-02-12 00:30:52] dragos dot nitu at idilis dot ro In apache, using nameserver based mass virtual hosting, I can't set open_basedir per user/virtual host basis. Solutions like php_admin_value .:/usr/lib/php didn't work for all users (../include). The solution that I think of is to set open_basedir to something like ".:/var/www/*/:/usr/lib/php", where '*' will be replaced by the coresponded directory from the script path. For example '/var/www/www.site.com/forum/index.php' should have open_basedir '/var/www/www.site.com/'. I made an 'works for me patch' available here: ftp://ftp.idilis.ro/linux/idilis/basedir.patch However it wold be nice if this feature would be included in future php versions. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=22181&edit=1
