» Use PEAR with open_basedir and safe_mode restrictions

You want your website to be as safe as possible. So you'll typically want Open Basedir and Safe Mode to be on. When you're in a shared hosting environment, you'll find that any server administrator with a good sense of security will also have these restrictions in place. However security pretty much always limits functionality and this case is no different. Because what if you are caged in a restricted environment, and you would still like to use shared libraries like the ones provided by PEAR?

You will have to exclude the PEAR directories from the restrictions. This can be done in the virtual host config as follows:

php_admin_value open_basedir /var/www/www.mysite.com/:/usr/share/php/
php_admin_value safe_mode_include_dir /usr/share/php/

Explained

php_admin_value              means we are going to tell php to change a variable
open_basedir                 means change to which paths your scripts are limited
/var/www/www.mysite.com/     is    where your site can be found
:                            means "also"
/usr/share/php/              is    where your PEAR library can be found

php_admin_value              means tell php to change a variable
safe_mode_include_dir        means ignore owner mismatches in the following directory
/usr/share/php/              is    where your PEAR library can be found

You probably shouldn't follow me


Like this Article?

I'd appreciate it if you leave a comment, spread the word, or consider a small donation


Related

Articles like this one

» Make SSH connections with PHP
» Create daemons in PHP
» Survive heavy traffic with your webserver
» Get an article's Digg count in PHP
» What's the deal with php_value, php_admin_flag, etc

tags: open_basedir, safe mode, PEAR, php, virtual host
category: Howto - Webserver
read: 10,586 times

Add comment

(required, shown)(required, not shown)for syntax highlighting

[CODE="Javascript"]
your_code_here();
[/CODE]

Replace "Javascript"
with "php", "text", etc.code (to make sure you are not a spammer)

 Track replies: rss feed comments feed

Comments

#3. Maurice on 02 February 2011

Gravatar.com: MauriceThe "safe_mode_include_dir = /usr/share/php" entry in the php.ini did solved my issue, big thanks for pointing me the right direction :)

#2. Pat on 16 December 2010

Gravatar.com: PatGreat article !
You've saved my life.

#1. Daniel on 13 April 2009

Gravatar.com: DanielThanks for sharing that. Every now and than (usually I do not install software on a daily base) I come across some restrictions with regards to safe_mode. Your post will now be my reference for exactly these cases.