open_basedir restriction in effect – How to resolve access restriction error in Odin Plesk Linux servers

Occasionally website owners report the error “Warning: realpath() [function.realpath]: open_basedir restriction in effect. File(/path/to/file) is not within the allowed path(s)” displayed for their websites in Odin Plesk servers.

It usually happens after installing an application or a site upgrade, and causes the website to crash with this error.

What is this error?

open_basedir is a PHP feature to restrict the directories a PHP application can access. So, even if an application vulnerability allows an attacker to control the application, it cannot access critical server files.

By default Plesk limits PHP access of each account to its web-root and /tmp folder. So, when an application requires access to an outside folder, like “/usr/lib/php/modules” where a PHP library or a function is defined, the open_basedir restriction will cause this error.

How to fix this error?

There two broad ways in which this error can be resolved:

1. Disabling the open_basedir setting.
2. Adding the required path to the allowed paths in open_basedir

See how we add value to your business!

Disabling open_basedir setting

open_basedir can be disabled either globally or specifically for one user. This is done by changing the value of open_basedir to “none” as shown below:

Edit HTTPD_VHOSTS_D/your_domain.com/conf/vhost.conf and HTTPD_VHOSTS_D/your_domain.com/conf/vhost_ssl.conf, and add the below line to it:


    php_admin_value open_basedir none

However, this is NOT RECOMMENDED for any server, especially in shared servers. The better way is to add the additional file location in the default path list.

[ Take care of your customers, before your competitors do. Get world-class support specialists to delight your customers. ]

Appending the allowed path list

You can get the application to run safely by adding the new file path to the existing open_basedir path list as shown below:

Edit HTTPD_VHOSTS_D/your_domain.com/conf/vhost.conf and HTTPD_VHOSTS_D/your_domain.com/conf/vhost_ssl.conf, and add the below line to it:

php_admin_value open_basedir HTTPD_VHOSTS_D/your_domain.com/httpdocs:/tmp:/NEW_FILE_PATH

Once these files are edited, you need to reconfigure the web server as shown below:

In Plesk versions 9.x and older run the command:
# /usr/local/psa/admin/sbin/websrvmng -a -v

In Plesk 10.x, run the command:
# /usr/local/psa/admin/sbin/httpdmng --reconfigure-all

Once this is done, use a phpinfo file to check if the setting has taken effect. Put the code below in a php file in the web root to see the setting:

phpinfo();

 

Web application configuration can fail due to a variety of reasons in a Odin Plesk environment. Bobcares helps Plesk webmasters quickly resolve a web application configuration issue, thereby minimizing business downtime.

SEE HOW WE HELP PLESK WEBMASTERS


GET 24 HOURS PHONE SUPPORT SERVICES

Use Bobcares for your phone support services. Ensure 24/7 coverage for your customers!

CONTACT US FOR 24/7 PHONE SUPPORT PLANS

Bobcares
BUSY WITH TECH SUPPORT ALL DAY? We help web hosts and other web solution providers save time and focus on growth.
Here's how we helped a web host reduce support engagement time from 3 hours to 30 mins per day:
SEE CASE STUDY