带有FastCGI的PHP open_basedir [英] PHP open_basedir with FastCGI
问题描述
我想要将上传的文件从:
/var/www/vhosts/example-1.com/httpdocs/
vhosts / example-2.com / httpdocs /
FastCGI允许这样做,用户将是特定的到正在使用的域名?所以对于example-1.com,用户将是example-1。如果我定义了open_basedir指令,这个用户能够将文件移动到example-2目录吗?
t听起来像suEXEC正在使用,所以FastCGI将很可能运行的Web服务器运行的相同用户(Apache,无人,守护进程,lighttpd等)。在这种情况下,FastCGI用户将无权创建和写入各种用户目录中的文件。如果您在某个虚拟主机的上传文件夹中将权限设置为777,则可以将文件保存在那里。警告的是文件将由网络服务器用户(阿帕奇等)拥有,现在的虚拟主机用户将不拥有这些文件,不能修改它们。无论open_basedir如何,都是如此。如果这是您的专用服务器,并且您的所有虚拟主机都是您的,那么您可以将某些文件/文件夹的所有权更改为网络服务器的所有权,但是使用suEXEC将是首选,因为在这种情况下,FastCGI将使用vhosts用户作为所有者。
您将仍然有权限问题将文件复制到另一个虚拟主机,因为它们将由不同的用户拥有,但您可以让您的脚本到目标用户的可能性,或添加所有用户到一个共同的组,使他们可以有组读/写权限。
suExec是一个更安全的选项,但可以很复杂地设置正确。你使用的是Apache,lighttpd还是其他的?
Will I run into problems using open_basedir to move files from one domain to another on my server if I am running fastCGI?
I will want to move uploaded files from:
/var/www/vhosts/example-1.com/httpdocs/
to:
/var/www/vhosts/example-2.com/httpdocs/
Will FastCGI allow this given that the user will be specific to the domain in use? So for example-1.com, the user will be example-1. Will this user be able to move files to the example-2 directory, if I define the open_basedir directive?
It doesn't sound like suEXEC is in use so FastCGI will most likely run as the same user the web server is running as (apache, nobody, daemon, lighttpd etc).
In that case, the FastCGI user will not have permission to create and write files in the various user directories. If you set permissions to 777 on an "uploads" folder in one of your vhosts, then it can save files there. The caveat is the files will be owned by the webserver user (apache etc) and now the vhost user won't own those files and cannot modify them. This is the case regardless of open_basedir. If this is your dedicated server and you all of your vhosts are yours, you could change the ownership to that of the webserver on certain files/folders, but using suEXEC would be preferred as in that case FastCGI would write the files using the vhosts user as the owner.
You will still have permissions issues copying the files to another vhost, as they will be owned by a different user, but you could have your script chown them to the destination user as a possibility, or add all the users to a common group so they can have group read/write permission.
suExec is a more secure option, but can be complicated to set up correctly. Are you using Apache, lighttpd or something else?
这篇关于带有FastCGI的PHP open_basedir的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
