For my web hosting panel, users need to be blocked from accessing files outside their own directory (/var/www/u/s/username
). I tried to use this line in httpd.conf
to prevent people from going up a directory.
对于我的Web托管面板,需要阻止用户访问他们自己目录之外的文件(/ var / www / u / s / username)。我试图在httpd.conf中使用这一行来阻止人们上一个目录。
<Directory /var/www/users/>
php_admin_value open_basedir .:/usr/lib/php5
</Directory>
But in php.ini
, it seems to have no effect. What am I doing wrong?
但在php.ini中,它似乎没有任何效果。我究竟做错了什么?
4 个解决方案
#1
It might be a silly suggestion, but have you restarted the webserver after making the php.ini changes?
这可能是一个愚蠢的建议,但你在php.ini更改后重新启动了网络服务器吗?
Another method you might try using is to append a file using the "auto_prepend_file" directive to include a script to tighten up the open_basedir directive to the current users directory:
您可能尝试使用的另一种方法是使用“auto_prepend_file”指令附加文件,以包含一个脚本,以将open_basedir指令收紧到当前用户目录:
From PHP.net (http://www.php.net/manual/en/ini.sect.safe-mode.php)
来自PHP.net(http://www.php.net/manual/en/ini.sect.safe-mode.php)
As of PHP 5.3.0 open_basedir can be tightened at run-time. This means that if open_basedir is set to /www/ in php.ini a script can tighten the configuration to /www/tmp/ at run-time with ini_set()
从PHP 5.3.0开始,open_basedir可以在运行时收紧。这意味着如果在php.ini中将open_basedir设置为/ www /,脚本可以在运行时使用ini_set()将配置收紧到/ www / tmp /
ADDITIONAL SUGGESTION:
The Apache configuration will need to be set up properly for INI overrides to be effective. Ensure that you have "AllowOverride Options" or "AllowOverride All" set in the Apache config for your Server or Virtual Host.
需要正确设置Apache配置才能使INI覆盖生效。确保在服务器或虚拟主机的Apache配置中设置了“AllowOverride Options”或“AllowOverride All”。
http://us2.php.net/configuration.changes
http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
#2
You may need to add a line for each user Directory:
您可能需要为每个用户目录添加一行:
<Directory /var/www/u/s/username>
php_admin_value open_basedir "/var/www/u/s/username/:/shared/path/"
</Directory>
Note that the trailing slash is here to prevent user "username" from accessing a "username2" directory.
请注意,尾部斜杠用于防止用户“用户名”访问“username2”目录。
#3
- As far as I can tell, it's not in path format it has to be just one directory;
- Using "." with open_basedir makes no sense at all, "." is allways the current directory. You can
chdir('/wherever/you/want')
, having "." expanded as/wherever/you/want
据我所知,它不是路径格式,它必须只是一个目录;
使用“。”使用open_basedir毫无意义,“。”总是当前的目录。你可以chdir('/ wherever / you / want'),有“。”扩展为/您/您/想要的地方
#4
Most probably you're modifying the wrong "php.ini".
很可能你正在修改错误的“php.ini”。
#1
It might be a silly suggestion, but have you restarted the webserver after making the php.ini changes?
这可能是一个愚蠢的建议,但你在php.ini更改后重新启动了网络服务器吗?
Another method you might try using is to append a file using the "auto_prepend_file" directive to include a script to tighten up the open_basedir directive to the current users directory:
您可能尝试使用的另一种方法是使用“auto_prepend_file”指令附加文件,以包含一个脚本,以将open_basedir指令收紧到当前用户目录:
From PHP.net (http://www.php.net/manual/en/ini.sect.safe-mode.php)
来自PHP.net(http://www.php.net/manual/en/ini.sect.safe-mode.php)
As of PHP 5.3.0 open_basedir can be tightened at run-time. This means that if open_basedir is set to /www/ in php.ini a script can tighten the configuration to /www/tmp/ at run-time with ini_set()
从PHP 5.3.0开始,open_basedir可以在运行时收紧。这意味着如果在php.ini中将open_basedir设置为/ www /,脚本可以在运行时使用ini_set()将配置收紧到/ www / tmp /
ADDITIONAL SUGGESTION:
The Apache configuration will need to be set up properly for INI overrides to be effective. Ensure that you have "AllowOverride Options" or "AllowOverride All" set in the Apache config for your Server or Virtual Host.
需要正确设置Apache配置才能使INI覆盖生效。确保在服务器或虚拟主机的Apache配置中设置了“AllowOverride Options”或“AllowOverride All”。
http://us2.php.net/configuration.changes
http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
#2
You may need to add a line for each user Directory:
您可能需要为每个用户目录添加一行:
<Directory /var/www/u/s/username>
php_admin_value open_basedir "/var/www/u/s/username/:/shared/path/"
</Directory>
Note that the trailing slash is here to prevent user "username" from accessing a "username2" directory.
请注意,尾部斜杠用于防止用户“用户名”访问“username2”目录。
#3
- As far as I can tell, it's not in path format it has to be just one directory;
- Using "." with open_basedir makes no sense at all, "." is allways the current directory. You can
chdir('/wherever/you/want')
, having "." expanded as/wherever/you/want
据我所知,它不是路径格式,它必须只是一个目录;
使用“。”使用open_basedir毫无意义,“。”总是当前的目录。你可以chdir('/ wherever / you / want'),有“。”扩展为/您/您/想要的地方
#4
Most probably you're modifying the wrong "php.ini".
很可能你正在修改错误的“php.ini”。