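【Question title】:Symfony2 open_basedir restriction in effect
【Posted】:2016-01-18 15:59:45
【Question】:

I am trying to deploy a Symfony 2.7 project to shared hosting. Everything works fine on localhost, but on the server I get a big error...

When I try to access the site:

http://infinityproperty.sitetester.biz/

I get an error:

Warning: is_dir(): open_basedir restriction in effect. File(/srv/www/infinityproperty.sitetester.biz/web) is not within the allowed path(s):

When I try entering it 3-4 times, the error goes away and I can see the structure. But the problem is still there. The images from liipimage are not displayed either.

I have removed the check for the locale, and the error can be seen at:

http://infinityproperty.sitetester.biz/app_dev.php

I know this is dangerous, and I will remove it completely once my problem is solved.

app, bin, etc. are one directory up, in the private folder.

This is the base config: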

imports:
    - { resource: parameters.yml }
    - { resource: security.yml }
    - { resource: services.yml }

# Put parameters here that don't need to change on each machine where the app is deployed
# http://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
parameters:
    locale: bg
    kernelRootDir: %kernel.root_dir%
    web: "/../../web"
framework:
    #esi:             ~
    translator:      { fallbacks: ["%locale%"] }
    secret:          "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    #serializer:      { enable_annotations: true }
    templating:
        engines: ['twig']
        #assets_version: SomeVersionScheme
    default_locale:  "%locale%"
    trusted_hosts:   ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id:  ~
    fragments:       ~
    http_method_override: true

# Twig Configuration
twig:
    debug:            "%kernel.debug%"
    strict_variables: "%kernel.debug%"
    globals:
        kernelRootDir: %kernel.root_dir%
    form_themes:
        # other form themes
        - 'CoreBundle:VichForm:fields.html.twig'
# Assetic Configuration
assetic:
    debug:          "%kernel.debug%"
    use_controller: false
    bundles:        [CoreBundle,FOSUserBundle,PagesBundle]
    #java: /usr/bin/java
    filters:
        cssrewrite: ~
        #closure:
        #    jar: "%kernel.root_dir%/Resources/java/compiler.jar"
        #yui_css:
        #    jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"

# Doctrine Configuration
doctrine:
    dbal:
        driver:   pdo_mysql
        host:     "%database_host%"
        port:     "%database_port%"
        dbname:   "%database_name%"
        user:     "%database_user%"
        password: "%database_password%"
        charset:  UTF8
        # if using pdo_sqlite as your database driver:
        #   1. add the path in parameters.yml
        #     e.g. database_path: "%kernel.root_dir%/data/data.db3"
        #   2. Uncomment database_path in parameters.yml.dist
        #   3. Uncomment next line:
        #     path:     "%database_path%"

    orm:
        auto_generate_proxy_classes: "%kernel.debug%"
        naming_strategy: doctrine.orm.naming_strategy.underscore
        auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
    transport: "%mailer_transport%"
    host:      "%mailer_host%"
    username:  "%mailer_user%"
    password:  "%mailer_password%"
    spool:     { type: memory }
fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: George\UserBundle\Entity\User
simple_things_entity_audit:
    audited_entities:
        - George\PageBundle\Entity\Page
        - George\UserBundle\Entity\User
stof_doctrine_extensions:
    orm:
        default:
            sluggable: true
            sortable: true
            timestampable: true
vich_uploader:
    db_driver: orm
    mappings:
        product_image:
            uri_prefix:         /images/products
            upload_destination: %kernel.root_dir%/../../web/images/products
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        apartment_image:
            uri_prefix:         /images/apartment
            upload_destination: %kernel.root_dir%/../../web/images/apartment
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        slide_image:
            uri_prefix:         /images/slider
            upload_destination: %kernel.root_dir%/../../web/images/slider
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        point_image:
            uri_prefix:         /images/point
            upload_destination: %kernel.root_dir%/../../web/images/point
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        object_image:
            uri_prefix:         /images/object
            upload_destination: %kernel.root_dir%/../../web/images/object
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        gallery_image:
            uri_prefix:         /images/gallery
            upload_destination: %kernel.root_dir%/../../web/images/gallery
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        company_image:
            uri_prefix:         /images/company
            upload_destination: %kernel.root_dir%/../../web/images/company
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
liip_imagine:
    resolvers:
       default:
          web_path: ~

    filter_sets:
        cache: ~
        my_thumb:
            quality: 75
            filters:
                thumbnail: { size: [120, 90], mode: outbound }
        720x534:
            quality: 75
            filters:
                thumbnail: { size: [720,534],  mode: outbound }
        1920x1440:
            quality: 75
            filters:
                thumbnail: { size: [1920,1440],  mode: outbound }
oneup_uploader:
    mappings:
        gallery:
            frontend: fineuploader # or any uploader you use in the frontend
            allowed_mimetypes: [image/jpeg,image/png,image/gif]
            namer:  oneup_uploader.namer.uniqid

a2lix_translation_form:
    locale_provider: default       # [1]
    locales: [bg, en]          # [1-a]
    default_locale: bg             # [1-b]
    required_locales: [bg]         # [1-c]
    manager_registry: doctrine      # [2]
    templating: "A2lixTranslationFormBundle::default.html.twig"      # [3]
swiftmailer:
    transport: '%mailer_transport%'
    host:      '%mailer_host%'
    username:  '%mailer_user%'
    password:  '%mailer_password%'
stfalcon_tinymce:
        tinymce_jquery: true
        selector: ".tinymce"
        # Get current language from the parameters.ini
        language: %locale%
        # Custom buttons
        tinymce_buttons:
            stfalcon: # Id of the first button
                title: "Stfalcon"
                image: "http://stfalcon.com/favicon.ico"
        theme:
            # Simple theme: same as default theme
            simple: ~
            # Advanced theme with almost all enabled plugins
            advanced:
                 plugins:
                     - "advlist autolink lists link image charmap print preview hr anchor pagebreak"
                     - "searchreplace wordcount visualblocks visualchars code fullscreen"
                     - "insertdatetime media nonbreaking save table contextmenu directionality"
                     - "emoticons template paste textcolor"
                 toolbar1: "insertfile undo redo | styleselect | bold italic | alignleft aligncenter alignright alignjustify | bullist numlist outdent indent | link image"
                 toolbar2: "print preview media | forecolor backcolor emoticons | stfalcon | example"
                 image_advtab: true
                 templates:
                     - {title: 'Three columns', content: '<div class="firstColumn">aaaaaa</div><div class="secondColumn">aaaaaa</div><div class="thirdColumn">ccccc</div>'}
                     - {title: 'checklist', content: '<ul><li>Chek 1</li><li>Chek 1</li></ul>'}
            # BBCode tag compatible theme (see http://www.bbcode.org/reference.php)
            bbcode:
                 plugins: ["bbcode, code, link, preview"]
                 menubar: false
                 toolbar1: "bold,italic,underline,undo,redo,link,unlink,removeformat,cleanup,code,preview"

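Edit

This is not an open_basedir problem... This was the project's first deployment, so there were some problems with the paths... So the solution was to clear all the caches and also give all the directories the proper permissions. The config file needs a bit of refinement, basically regarding where the core Symfony should be placed.

【Comments】:

  • Can you change the open_basedir directive or remove it entirely?
  • I see some people are talking about removing it, but that's not an option, because it's a restriction in case someone hacks your server...
  • Is it possible to do this without removing the restriction? I am using ISPconfig.
  • See my answer for information on solving this.

Tags: php symfony liipimaginebundle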


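【Answer 1】:

Note that using the "open_basedir" directive disables the "realpath_cache".

When you set PHP's open_basedir restriction, PHP deactivates the realpath cache. This degrades the performance of any PHP application that uses multiple files (include_once, require_once), such as WordPress, Drupal and Magento, to name just a few. When the PHP team fixed CVE-2006-5178, they decided to deactivate the realpath cache whenever open_basedir (and, previously, safe_mode) restrictions are in use. See PHP's bug report 52312 for details.

I dug for several days to find this out. Since Symfony relies heavily on caching, this improved my project's performance from ~1000 ms to ~60 ms. But you have to consider the possible security risks...

【Comments】:

  • This should be the selected answer for anyone using Symfony. Thanks for the background research!
【Answer 2】:

You can remove the open_basedir restriction entirely. Either modify your php.ini file manually, or change it in the control panel under WebSites -> Your Site -> Options -> Custom php.ini settings to: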

open_basedir =

This should solve your problem. If you are still worried that this is dangerous, you can also manually set the base directory to your folder:

open_basedir = /srv/www/infinityproperty.sitetester.biz/web

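【Comments】:

  • Which method did you try? The first one should work as long as you are actually able to modify that setting.
  • I have tried both, without success. I don't understand what folders it wants, because look at all the folders it wants: infinityproperty.sitetester.biz/app_dev.php
  • Are you using symlinks? If so, you also need to update the Apache DocumentRoot directive.
  • On this site or on the whole server?
  • I mean a symlink of /srv/www/infinityproperty.sitetester.biz/web/var/www/clients/client1/web51/web? If so, you need to change DocumentRoot in Apache to point to your symlinked folder. How are you trying to set open_basedir, btw? It looks like you are just appending the same folder to the existing one over and over, instead of overriding it completely with a blank value, which is what you should try first.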
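
Added example (not from the original thread): a lexical check of which directories a Symfony 2 deployment touches would fall outside a candidate open_basedir value, comparing the web-only value from Answer 2 with a site-root-plus-tmp value, followed by the realpath cache reading that Answer 1 refers to. The `private/app` location, the list of required directories and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread; the private/app location is assumed.
// Collapse "." and ".." lexically, as in %kernel.root_dir%/../../web.
// Symlinks are not followed here; PHP resolves them before the open_basedir check.
function normalizePath($path)
{
    $parts = array();
    foreach (explode('/', $path) as $seg) {
        if ($seg === '..') {
            array_pop($parts);
        } elseif ($seg !== '' && $seg !== '.') {
            $parts[] = $seg;
        }
    }
    return '/' . implode('/', $parts);
}

// Return the required paths that no open_basedir entry covers. Each entry is
// treated as a directory: a path is covered if it is that directory or lies below it.
function outsideBasedir(array $required, $openBasedir)
{
    $allowed = array_filter(explode(PATH_SEPARATOR, $openBasedir), 'strlen');
    if (!$allowed) {
        return array(); // empty value means no restriction
    }
    $blocked = array();
    foreach ($required as $label => $path) {
        $path = normalizePath($path) . '/';
        $covered = false;
        foreach ($allowed as $base) {
            $covered = $covered || strpos($path, rtrim(normalizePath($base), '/') . '/') === 0;
        }
        if (!$covered) {
            $blocked[$label] = rtrim($path, '/');
        }
    }
    return $blocked;
}

$site = '/srv/www/infinityproperty.sitetester.biz';
$kernelRoot = $site . '/private/app'; // assumed location of app/
$required = array(
    'web root' => "$site/web", 'cache' => "$kernelRoot/cache", 'logs' => "$kernelRoot/logs",
    'uploads' => "$kernelRoot/../../web/images/products", 'tmp' => sys_get_temp_dir(),
);
foreach (array("$site/web", $site . PATH_SEPARATOR . sys_get_temp_dir()) as $value) {
    echo $value, ' blocks: ', implode(', ', array_keys(outsideBasedir($required, $value))) ?: 'nothing', PHP_EOL;
}
// Per Answer 1, this stays at 0 while open_basedir is in effect.
printf("open_basedir=%s realpath cache bytes=%d\n", var_export(ini_get('open_basedir'), true), realpath_cache_size());
```

With the web-only value the cache, logs and tmp directories are reported as blocked, while the upload destination resolves inside the web root and is allowed.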