Open_basedir restriction OC 10.1.6

fw114 · January 31, 2018, 6:17pm

HI ,

i am not able to get owncloud to work. OC wrote a log of 400 GB (!) that openbasedir is in use:

"reqId":"0UCTedsLQ3W7wfnssD2k","level":3,"time":"2018-01-31T18:06:03+00:00","remoteAddr":"xxx.xxx.xxx.59","user":"myUser","app":"PHP","method":"POST","url":"\/owncloud\/index.php\/login?user=myUser","message":"realpath(): open_basedir restriction in effect. File(\/) is not within the allowed path(s): (\/var\/www\/xxxx\/xxxx\/web2\/web:\/var\/www\/xxxxx\/xxxx\/web2\/private:\/var\/www\/xxxx\/xxxx\/web2\/tmp:\/var\/www\/xxxxx\/web:\/srv\/www\/xxxx\/web:\/usr\/share\/php5:\/usr\/share\/php:\/tmp:\/usr\/share\/phpmyadmin:\/etc\/phpmyadmin:\/var\/lib\/phpmyadmin:\/var\/www\/xxxx\/xxxx\/web2\/web\/xxx:\/var\/www\/xxxx\/xxxx\/web2\/web\/xxx\/data:\/var\/www\/xxx\/xxx\/web2\/web\/05\/remote.php\/dav\/calendars:\/dev\/random:\/dev\/urandom) at \/var\/www\/xxx\/xxx\/web2\/web\/xxx\/lib\/private\/Files\/Storage\/Local.php#370"}

Any ideas ?

thank you

Server version: Apache/2.4.25 (Debian)
PHP 7.0.27-0+deb9u1

dmitry · January 31, 2018, 6:42pm

Hi,

first I would change the owncloud logging level to 3 or 4 to minimize the size of the log file.

then I would check the permissions on your directories in owncloud, especially on the data dir. It should belong to your web server user, www-data or apache

fw114 · January 31, 2018, 6:48pm

HI dmitry,

thank you for your quick answer. the data dir is set to the webvservers user and group, as the hole owncloud dirs also.

fw114 · January 31, 2018, 7:51pm

Tryed to use the occ installer and got:

sudo -u user php occ maintenance:install
PHP Warning: require_once(): open_basedir restriction in effect. File(/var/www/xxxx/xxxxx/console.php) is not within the allowed path(s): (/dev/urandom) in /var/www/xxxx/xxxxx/occ on line 11
PHP Warning: require_once(/var/www/xxxxx/xxxxxx/console.php): failed to open stream: Operation not permitted in /var/www/xxxx/xxxxx/occ on line 11
PHP Fatal error: require_once(): Failed opening required '/var/www/xxxx/xxxxxx/console.php' (include_path='.:/usr/share/php:/usr/share/php/PEAR') in /var/www/xxxx/xxxx/occ on line 11

if have no clue about open_basedir... so i hope someone here can gibe me a hint.

Bernie_O · February 1, 2018, 7:36am

Have a look here and change that value in your php.ini to reflect the folders where the to be executed php files are, or just make the value empty:
http://php.net/open_basedir

I don‘t have any experience with apache, but maybe this can also be set in a .htaccess-file.

fw114 · February 6, 2018, 11:09am

Doesn't work at all. regardless what i am setting in the opebbasedir OC allways says:

open_basedir restriction in effect. File(\/) is not within the allowed path(s)

so im gessing a bug here

DeepDiver1975 · February 6, 2018, 11:14am

did you restart apache after changing php.ini?

fw114 · February 6, 2018, 11:18am

yes of course

(well 20 chars to reply)

DeepDiver1975 · February 6, 2018, 11:26am

mind posting the relevant part of the php.ini file?

fw114 · February 6, 2018, 12:18pm

content of .php-fcgi-starter

!/bin/sh

PHPRC="/var/www/conf/web2"
export PHPRC
PHP_DOCUMENT_ROOT="/var/www/xxxx/xxxxx/web2"
export PHP_DOCUMENT_ROOT

The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache

mod_fcgi will control the number of childs themself and never use the additional processes.

PHP_FCGI_CHILDREN=8

export PHP_FCGI_CHILDREN

PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS
export TMP=/var/www/xxxx/xxxxx/web2/tmp
export TMPDIR=/var/www/xxxxx/xxxxx/web2/tmp
export TEMP=/var/www/xxxx/xxxxx/web2/tmp
exec /usr/bin/php-cgi \
-d open_basedir="/var/www/xxxxx/xxxxx/web2/web:/var/www/xxxxx/xxxxx/web2/private:/var/www/xxxxxx/xxxxx/web/tmp:/var/www/DOMAINNAME/web:/var/www/DOMAINNAME/web/05:/srv/www/DOMAINNAME.net/web:/usr/share/php:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/xxxxx/xxxx/web2/web/05:/dev/random:/dev/urandom" \
-d upload_tmp_dir=/var/www/xxxx/xxxxx/web2/tmp \
-d session.save_path=/var/www/xxxxx/xxxxxxx/web2/tmp \
-d sendmail_path="/usr/sbin/sendmail -t -i -f webmaster@xxxxxx" \
$1

DeepDiver1975 · February 6, 2018, 12:21pm

You cannot edit php.ini? I'm not familiar with such an fcgi setup - sorry

fw114 · February 6, 2018, 1:55pm

Well with openbase dir = one OC works, so i can perfom the update. Also OC works fine, but if i put basedir back on, i get:

message":"realpath(): open_basedir restriction in effect. File(\/) is not within the allowed path(s): (see above)

what is realpath here and why is in Local.php line 370:

$realPath = $realPath . '/';

??
Would be nice to have some answers here, because my hole family is cut off calender and contacts and i don't want to have basedir set = none

sry, for my bad english, natural german speaker

fw114 · February 9, 2018, 11:15am

Well never mind.

I migrated to nextcloud 13 . runs with the same openbasedir setting like charm...