open_basedir: can read but not write outside rootRSS

1 reply

Last post Mar 17, 2012 08:01 AM by aaroncheung

  • open_basedir: can read but not write outside root

    Mar 08, 2012 09:33 AM|friscokid|LINK

    Hello,

    I'm running PHP 5.3.10 via fastcgi on a Windows Server 2008 R2 with IIS 7.5.

    I have a problem with the open_basedir setting in the php.ini, which allows me to read files, alter files but not create files in the specified open_basedir locations.

    I have a website loacted at D:\inetpub\vhosts\mywebsite and a data folder located at D:\mydata.
    The open_basedir value is set to:
    open_basedir="D:\inetpub\vhosts\mywebsite;D:\mydata"

    When I disable the open_basedir value in the php.ini, a script run from D:\inetpub\vhosts\mywebsite\httpdocs\myscript.php can create files and folders under the D:\mydata folder and alter these files (e.g. mkdir or fopen(..,w) works). So the permissions of IUSR seem to be set correctly.

    However when I set the open_basedir to the above values, I cannot create files or folders under D:\mydata anymore. All I get is an open_basedir restriction in effect warning.

    The strange thing is, that I can still write to the file if it already exists. For example if I remove the open_basedir value I can create a file D:\mydata\testfile.txt with fopen("D:/mydata/testfile.txt", w). Then when I enable open_basedir again, I can write to that file but I can't create it, if it didn't exist before.

    I expected that I can read write and modify files within folders that are specified in the open_basedir value but that is not the case.

    Is it a problem that the folders I want to write to are outside of the document root? But even if that is a problem, why can I write to files that already exist, but can't create files or folders?

     Any help appreciated.

  • Re: open_basedir: can read but not write outside root

    Mar 17, 2012 08:01 AM|aaroncheung|LINK

    Maybe you can set open_basedir to D:\inetpub\vhosts\mywebsite and try to create the file there see whether it works or what the detail error message is.

     It looks this behavior is not related with IIS but php instead.