open_basedir restricting ALL php functions?
Ok, I run a free web-based hosting company. Recently, we switched from forum hosting to web hosting. As such, we have a web based file manager to allow users to upload files. We allow our users to upload PHP, as we believe this is a MUST in the hosting world today, even for free users. However, after some time we found a must for safe_mode and open_basedir to restrict users from accessing files outside their folders. Our httpd.conf entry looks something like this:
<directory /home/hattrick/public_html/users>
php_admin_value safe_mode On
php_admin_value open_basedir /home/hattrick/public_html/users
</directory>
This works efficiently for turning on safe_mode (before we didn't have open_basedir turned on, until a recent "hacking"). However, open_basedir is causing NO php functions to execute. When trying to execute a file as simple as <? phpinfo(); ?>, we get the following errors:
Warning: Unknown(): open_basedir restriction in effect. File(/home/hattrick/public_html/users/hattrick2/phpinfo.php) is not within the allowed path(s): (0) in Unknown on line 0
Warning: Unknown(/home/hattrick/public_html/users/hattrick2/phpinfo.php): failed to open stream: Operation not permitted in Unknown on line 0
Warning: Unknown(): open_basedir restriction in effect. File(/home/hattrick/public_html/users/hattrick2/phpinfo.php) is not within the allowed path(s): (0) in Unknown on line 0
Warning: Unknown(/home/hattrick/public_html/users/hattrick2/phpinfo.php): failed to open stream: Operation not permitted in Unknown on line 0
Warning: (null)(): Failed opening '/home/hattrick/public_html/users/hattrick2/phpinfo.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in Unknown on line 0
This is quite fustrating, and I'd like some help. Any information is greatly appreciated. The system we're on is using PHP 4.3.11.
Any ideas of what we can do? We're trying to allow our users to use PHP safely, not deny their access completely. We simply just don't want them to access files outside their directories.
