PHP: open_basedir in php.ini to Restrict and Limit PHP File Accesses to a Certain Directory

by Yang Yang on June 1, 2009

The open_basedir directive in php.ini confines PHP file access (such as opening, writing and deleting files) to a designated directory such as /home/www/public_html, so that PHP scripts can’t endanger the rest of the system. With proper Apache permissions and PHP installed as an Apache module, PHP inherits whatever privileges Apache has. As Apache is usually given very limited permissions in the form of a ‘nobody’ or ‘www-data’ group, there’s actually no need for open_basedir.

So it’s actually turned off by default. There is debate about whether to use it or not. While it’s good to have extra confinement of what your public PHP scripts can access and do, it would also make your applications reliant on it for file system security.

To modify the value of this directive and restrict PHP directory access, just find php.ini and locate the line:

;open_basedir = 

And change it to the minimum directory access your PHP applications need, such as the web document root:

open_basedir = '/home/www/public_html'
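
To see what the directive actually blocks, the script below is an added example (not code from the original post). It assumes PHP 7 or later on a Unix-like system, run from the command line, and every path in it is constructed under the system temp directory rather than a real web root.

```php
<?php
// Added example: observe open_basedir enforcement from the CLI.
// Directory and file names below are constructed for this demonstration.

$root    = realpath(sys_get_temp_dir()) . '/obd_demo_' . getmypid();
$allowed = "$root/public_html";   // stands in for the web document root
$outside = "$root/private";       // stands in for the rest of the system

mkdir($allowed, 0700, true);
mkdir($outside, 0700, true);
file_put_contents("$allowed/index.txt", "inside\n");
file_put_contents("$outside/secret.txt", "outside\n");
// The link itself lives inside the allowed directory, its target does not.
symlink("$outside/secret.txt", "$allowed/link.txt");

// Same effect as "open_basedir = ..." in php.ini, applied to this process only.
// At runtime the restriction can be tightened but not loosened again, so the
// demo files are left behind in the temp directory.
ini_set('open_basedir', $allowed);

// Returns 'allowed' or 'blocked' for a read attempt on $path.
function try_read(string $path): string
{
    $data = @file_get_contents($path);   // @ silences the open_basedir warning
    return $data === false ? 'blocked' : 'allowed';
}

$results = [
    'file inside base'        => try_read("$allowed/index.txt"),
    'file outside base'       => try_read("$outside/secret.txt"),
    'traversal out of base'   => try_read("$allowed/../private/secret.txt"),
    'symlink to outside file' => try_read("$allowed/link.txt"),
];

foreach ($results as $case => $outcome) {
    printf("%-25s %s\n", $case, $outcome);
}
```

Only the first read succeeds: PHP resolves `..` segments and symbolic links to the real path before comparing it against open_basedir, so a link placed inside the allowed directory does not grant access to a target outside it.
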

dhanesh mane June 16, 2010 at 2:52 pm

Hey,

I want to use pear system.php in my php file.
I also have /usr/share/PEAR in my include_path, but when I include that file in my code it is giving me a fatal error that the file is not present.

But files are there at proper location in pear package directory.

And due to the open_basedir restriction I can't include it. Now what's the solution? Can you help me?

Thanks
Dhanesh

hron84 July 3, 2010 at 5:40 pm

@dhanesh mane:
Symlink the PEAR package to the virtualhost or documentroot, and include them from here.

hron84 July 3, 2010 at 5:40 pm

Ehh, I would like to write PEAR _folder_

dhanesh mane October 8, 2010 at 3:54 pm

@hron84, hey, I was working on the symlink, but I was not able to find a correct tutorial to symlink PEAR with the virtual host. If you have any kind of tutorial or details which can help me to symlink PEAR with the virtual host, please let me know.

Thanks a lot.
Dhanesh
