how to add an open_basedir path in nginx vhost
For your particular situation, you should consider just adding /usr/share
to the default open_basedir
, since anything in there is designed to be read by the world anyway.
Plus, open_basedir
is easily circumvented unless you have locked down shell_exec
, exec
, system
and similar PHP functions so don't consider secured for using it (I know, it sucks).
If you're wondering how you can circumvent it easily, you can just system('php -n ascript.php');
. The -n
will cause no PHP.ini to be read, so no open_basedir
will be applied.
Just FYI, if you have nginx configs set for multiple vhosts (so, configs in /etc/nginx/sites-enabled/example.com
) then you may need to set the fastcgi_param PHP_VALUE open_basedir=
there:
location ~ \.php$ {
try_files $uri =404;
fastcgi_param PHP_VALUE open_basedir="/var/www/:/new/path";
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;