PHP open_basedir with FastCGI

2019-09-06 15:11发布

问题:

Will I run into problems using open_basedir to move files from one domain to another on my server if I am running fastCGI?

I will want to move uploaded files from:

/var/www/vhosts/example-1.com/httpdocs/

to:

/var/www/vhosts/example-2.com/httpdocs/

Will FastCGI allow this given that the user will be specific to the domain in use? So for example-1.com, the user will be example-1. Will this user be able to move files to the example-2 directory, if I define the open_basedir directive?

回答1:

It doesn't sound like suEXEC is in use so FastCGI will most likely run as the same user the web server is running as (apache, nobody, daemon, lighttpd etc).

In that case, the FastCGI user will not have permission to create and write files in the various user directories. If you set permissions to 777 on an "uploads" folder in one of your vhosts, then it can save files there. The caveat is the files will be owned by the webserver user (apache etc) and now the vhost user won't own those files and cannot modify them. This is the case regardless of open_basedir. If this is your dedicated server and you all of your vhosts are yours, you could change the ownership to that of the webserver on certain files/folders, but using suEXEC would be preferred as in that case FastCGI would write the files using the vhosts user as the owner.

You will still have permissions issues copying the files to another vhost, as they will be owned by a different user, but you could have your script chown them to the destination user as a possibility, or add all the users to a common group so they can have group read/write permission.

suExec is a more secure option, but can be complicated to set up correctly. Are you using Apache, lighttpd or something else?