The free forums are no longer in use. It remains available as read-only archive.
8:46 am
August 1, 2012
Hi I am testing Xcloner Standalone V3.0
as well as Xcloner v3.1.1 for joomla 2.5 on joomla2.5.6 and I am
having some issues.
Well, open_basedir is something I have
enabled in php.ini of course. I am allowing only the public directory
and a couple of non-public ones. While I am testing this on an ubuntu
local server before going to the production one and although the
backup is being taken fine, I get errors in the error_log such as
this:
[01-Aug-2012 07:32:26 UTC] PHP Warning:
is_file(): open_basedir restriction in effect. File(/media) is not
within the allowed path(s):
(/var/www/clients/client1/web1/web:/var/www/clients/client1/web1/backups)
in /var/www/clients/client1/web1/web/backup-test/cloner.functions.php
on line 1125
Noticing that those 100+ error lines
with the ‘open_basedir restriction in effect’ are all about the
/media directory and no other (very weird indeed) and are actually joomla paths such as
this line:
[01-Aug-2012 07:32:28 UTC] PHP Warning:
is_file(): open_basedir restriction in effect.
File(/media/mod_languages/images/index.html) is not within the
allowed path(s):
(/var/www/clients/client1/web1/web:/var/www/clients/client1/web1/backups)
in /var/www/clients/client1/web1/web/backup-test/cloner.functions.php
on line 1125
The error path should look something
like this:
/var/www/clients/client1/web1/web/media
and not just /media ... anyway, it jsut feels as if xcloner is trying to access
files out of the public directory.
What solves it is adding :/media:/tmp
to the open_basedir in php.ini and now I see no errors.
But the Php open_basedir: in Info tab
shows the restrictions in red. What I do not understand, is how once
I allow all the public directory (/web) which includes /media
directory I still get error from xcloner and in the very weird way I
described.
Most of the admins that would like a
much more secure site would have open_basedir set and I do not
consider asking to have this unset is so wise indeed. Any web
software that I have used so far that does have an
info/testing/area/tab (such as yours and this is good) in order to
test such things, goes 'green' if I allow certain directories the
software needs allowed.
Now concerning the exec function which
is also red in xcloner, I do not consider a Joomla site so secure if
it does not have the following line in php.ini
disable_functions = show_source,
system, shell_exec, passthru, exec, phpinfo, popen, proc_open
I would like your opinion on all this,
I would appreciate your reply.
Your software amazed me at first but I
got to this point that it stressed me.
Thank you
4:24 am
August 1, 2012
Well, in case you believe me, I have, on the local server, and the results are the same, no need for screenshots for this to prove right ?
And just because I do not take your answer as a serious one, once asking to disable open_basedir is like asking one to take all the doors and windows of his house off, I would advice you to recheck your code and find alternatives to do what you do. This reminds me of web developers asking the admins to cmod 777 for their app to work.
You should respect people and their work more, and learn a little bit more about web server security.
1 Guest(s)