Add Option to set OpenBaseDir manually for domain/subdomain #515

Open
dirkey opened this Issue Feb 13, 2018 · 5 comments


dirkey commented Feb 13, 2018

The OpenBaseDir can only be set to the "Home Directory" or the "Document Root". It would be nice to have a third option to set it manually. For example:
Magento needs only its pub directory to be accessible via Apache (DocumentRoot), but PHP needs access to all files in the "Magento Root" (OpenBaseDir). Currently I must give it access to all files under the home directory of the user.

Member

d00p commented Feb 13, 2018

So, domain-documentroot is e.g. /[user]/magento/pub and your choice would be either /[user]/ or /[user]/magento/pub but you need /[user]/magento - correct?

Member

d00p commented Feb 13, 2018

One of the "minor" problems here is that we try to avoid letting the customer enter paths manually, as it might void the openbasedir functionality which the admin might have wanted intentionally. That's why it's only these two choices.

dirkey commented Feb 13, 2018

I see! Maybe we only allow users to add relative paths to their home directory. But then, we need to take care of relative paths pointing to a parent directory. A solution is also to show the directory tree instead of a textbox. Then he is only allowed to choose these.
Or populate the combobox with the tree related to the document root?

NightmareJoker2 commented Aug 6, 2018

My two cents: I'd love this. I've been creating separate users and using their home directories for it and that's become quite tedious to manage.
Allow the following three options:

  • document root
  • parent of document root (must be inside home directory)
  • home directory

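If the parent of the document root is not inside the home directory, automatically set the home directory. (It's an absolute path string, so something like

```php
// realpath() resolves symlinks and ".." segments; it returns false for a path that does not exist
$home_path = realpath($home_directory);
$open_basedir_path = realpath($open_basedir);
if ($home_path !== false && $open_basedir_path !== false
    && ($home_path === $open_basedir_path || substr($open_basedir_path, 0, strlen($home_path) + 1) === $home_path.DIRECTORY_SEPARATOR))
{
    // everything is fine
}
else
{
    // outside the home directory, or a path could not be resolved: fall back to the home directory
    $open_basedir_path = $home_path;
}
```

should suffice to make this safe.)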

This would help greatly with properly setting up Drupal, Magento, TYPO3 and custom built applications, such that only one small index.php and static files remain in the document root of the web server's virtual host, and all application files, view templates (typically not with php extension, would be served as text), configuration, and possibly databases (e.g. SQLite ones) can safely remain outside of it and out of the reach of a FastCGI or rewrite engine failure of some sort from a package upgrade mishap.
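
An added example, not part of the original comments and not the project's own code: the three-option selection proposed above (document root, parent of document root, home directory), combined with the earlier concern about relative paths that point to a parent directory. The function names, the `$choice` values and the sample tree are hypothetical, and POSIX paths are assumed.

```php
<?php
// Added example; function names and the sample tree are hypothetical (POSIX paths assumed).

/** True if $path is $base itself or lies below it; both must already be canonical. */
function is_within(string $base, string $path): bool
{
    $base = rtrim($base, DIRECTORY_SEPARATOR);
    // The appended separator keeps /home/web1 from matching /home/web10.
    return $path === $base || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
}

/** $choice is 'docroot', 'docroot_parent' or 'home'; returns the directory for open_basedir. */
function resolve_open_basedir(string $home, string $docroot, string $choice): string
{
    $home = realpath($home);
    if ($home === false) {
        throw new InvalidArgumentException('home directory does not exist');
    }
    // A relative document root is interpreted relative to the home directory.
    if ($docroot === '' || $docroot[0] !== DIRECTORY_SEPARATOR) {
        $docroot = $home . DIRECTORY_SEPARATOR . $docroot;
    }
    $docroot = realpath($docroot); // collapses ".." segments and follows symlinks
    if ($docroot === false || !is_within($home, $docroot)) {
        return $home; // missing, or resolves outside the home directory
    }
    if ($choice === 'docroot') {
        return $docroot;
    }
    if ($choice === 'docroot_parent') {
        $parent = dirname($docroot);
        return is_within($home, $parent) ? $parent : $home;
    }
    return $home;
}

// Constructed sample tree under the system temp directory.
$base = sys_get_temp_dir() . '/obd_demo_' . getmypid();
mkdir("$base/web1/magento/pub", 0700, true);
mkdir("$base/web10", 0700, true);
$cases = [
    ['magento/pub', 'docroot_parent'], // the Magento layout from the issue
    ['.', 'docroot_parent'],           // parent of the docroot lies outside home
    ['../web10', 'docroot'],           // ".." points into a sibling account
];
foreach ($cases as [$docroot, $choice]) {
    printf("%-12s %-15s => %s\n", $docroot, $choice, resolve_open_basedir("$base/web1", $docroot, $choice));
}
```

Because the containment check runs on `realpath()` output, a symlink inside the home directory that targets another account's tree is treated the same way as a `..` segment.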

Member

d00p commented Aug 7, 2018

Sounds good to me @NightmareJoker2

d00p self-assigned this Oct 15, 2018
