Open_basedir not having any effect?

It might be a silly suggestion, but have you restarted the webserver after making the php. Ini changes? Another method you might try using is to append a file using the "auto_prepend_file" directive to include a script to tighten up the open_basedir directive to the current users directory: From PHP.Net ( php.net/manual/en/ini.sect.safe-mode.php ) As of PHP 5.3.0 open_basedir can be tightened at run-time.

This means that if open_basedir is set to /www/ in php. Ini a script can tighten the configuration to /www/tmp/ at run-time with ini_set() ADDITIONAL SUGGESTION: The Apache configuration will need to be set up properly for INI overrides to be effective. Ensure that you have "AllowOverride Options" or "AllowOverride All" set in the Apache config for your Server or Virtual Host http://us2.php.net/configuration.changes http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride.

It might be a silly suggestion, but have you restarted the webserver after making the php. Ini changes? Another method you might try using is to append a file using the "auto_prepend_file" directive to include a script to tighten up the open_basedir directive to the current users directory: From PHP.Net (php.net/manual/en/ini.sect.safe-mode.php) As of PHP 5.3.0 open_basedir can be tightened at run-time.

This means that if open_basedir is set to /www/ in php. Ini a script can tighten the configuration to /www/tmp/ at run-time with ini_set() ADDITIONAL SUGGESTION: The Apache configuration will need to be set up properly for INI overrides to be effective. Ensure that you have "AllowOverride Options" or "AllowOverride All" set in the Apache config for your Server or Virtual Host.

http://us2.php.net/configuration.changes http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride.

You may need to add a line for each user Directory: php_admin_value open_basedir "/var/www/u/s/username/:/shared/path/" Note that the trailing slash is here to prevent user "username" from accessing a "username2" directory.

As far as I can tell, it's not in path format it has to be just one directory; Using ". " with open_basedir makes no sense at all, ". " is allways the current directory.

You can chdir('/wherever/you/want'), having ". " expanded as /wherever/you/want.

A webhost I used to moderate used this type of restriction. It works, although it prevents a few scripts from working. I use mod_vhost_alias so I can't just add a different open_basedir for each user.Is there a better way of doing this?

– phpscriptcoder Apr 3 '09 at 19:57 I tested it on another server, and it won't let me chdir out of the open_basedir allowed paths. – phpscriptcoder Apr 3 '09 at 19:58.

Most probably you're modifying the wrong "php. Ini".

I'm putting it in the main httpd. Conf (the right one :) ). I can't put it in php.

Ini because I have 2 Apache instances running of the same binary, and they need to have different configurations. – phpscriptcoder Apr 3 '09 at 19:51 In this case the description of your problem doesn't make sense - on one hand it works if put in httpd. Conf and doesn't work when in php.ini.

But on the other hand you can't put it in the php. Ini anyway. So what's your problem?

– Milen A. Radev Apr 3 '09 at 22:14 It does NOT work in the httpd.conf. Sorry for not making that clear.

– phpscriptcoder Apr 5 '09 at 13:54 Create a script with only a call to "phpinfo()" in it and put it where the other "restricted" scripts should reside. Open it in the browser and check what's the value of "open_basedir". – Milen A.

Radev Apr 5 '09 at 17:44.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.