-
-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle open_basedir #680
Comments
In this case – so how do they end up with this error? I'm guessing |
Well composer just writes in $HOME, so even ran from the web, I'm pretty sure it'd have failed. It's already failing gracefully if you don't have permissions, the problem is that file_exists() fails with an error when open_basedir is active. |
NOTE: As of PHP 5.3.0 open_basedir can be tightened at run-time (which also implies that it could be loosened). |
I don't think it implies that :) You can improve security by tightening, but not mess with the base config I believe. I tried it and indeed it only works in the tightening direction. |
I guess I was too optimistic and didn't have time (too lazy) to try it -- my bad :) |
+1 |
1 similar comment
+1 |
If you are stuck with the same issue, note that you have to add
|
+1 |
Adding /root and /usr/bin to open_basedir is a crazy security risk. You may use safer solution: <?php
putenv('COMPOSER_HOME=/var/www/composer-home'));
putenv('COMPOSER_CACHE_DIR=/var/www/composer-cache')); |
@Seldaek Any news? |
Nope, nobody cared enough to fix it so far it seems. |
If this helps anyone... I use the following shell-script as a wrapper around my composer.phar to deal with this: #!/bin/bash
#install composer if it's missing
if [ ! -f 'composer.phar' ] ; then
echo "Composer Not Found... installing"
curl -sS https://getcomposer.org/composer.phar > composer.phar
if [ $? -eq 0 ] ; then
echo "Installed!"
else
echo "Composer failed to install!";
exit 1;
fi
fi
#double check
if [ ! -f 'composer.phar' ] ; then
echo "Composer failed to install!";
exit 1;
else
COMPOSER_HOME='/var/www/composer/home' COMPOSER_CACHE_DIR='/var/www/composer/cache' bash -c "php -d allow_url_fopen=1 -d suhosin.executor.include.whitelist=phar composer.phar $@";
fi In addition to redirecting the I also deal with |
Hi, I've had the same issue, and think I've found the cause. I'm using a wrapper I've found out that it happens also, when the I don't know if it's already resolved in later Composer versions, sorry if it's a duplicate. By the way, my
|
3 similar comments
Hi, I've had the same issue, and think I've found the cause. I'm using a wrapper I've found out that it happens also, when the I don't know if it's already resolved in later Composer versions, sorry if it's a duplicate. By the way, my
|
Hi, I've had the same issue, and think I've found the cause. I'm using a wrapper I've found out that it happens also, when the I don't know if it's already resolved in later Composer versions, sorry if it's a duplicate. By the way, my
|
Hi, I've had the same issue, and think I've found the cause. I'm using a wrapper I've found out that it happens also, when the I don't know if it's already resolved in later Composer versions, sorry if it's a duplicate. By the way, my
|
@LazyTown (anyway that was the IRC name, if it's not the same person on github apologies for the spam) reported this issue:
Either we catch it and advertise the use of COMPOSER_HOME, or we just skip writing silently or with a soft warning.
The text was updated successfully, but these errors were encountered: