How to disable the PHP open_basedir restriction for a specific domain in Plesk

How to disable the PHP open_basedir restriction for a specific domain in Plesk

In PHP, the directive open_basedir of the php.ini configuration specifies a limit of the directories and files that can be accessed by PHP to the specified directory-tree, including itself. In the background, this functionality works like this, for example, when you try to read a file using include, fopen, file_get_contents, the location of the file is checked, so if the file location is outside of the specified directory-tree in open_base_dir, PHP will refuse to access it, making your code fail (symbolic links are resolved, so you can't circumvent this restriction doing this). 

In the Plesk environment, for some administrators, this could mean that Project A located in Directory A, wouldn't be able to access the files of Project B located in Directory B. In some cases, it's necessary for interoperability.

Understanding what the limitation is

Assume that the following PHP file is hosted at projecta.mydomain.com at a Plesk server. What this basically does is to read a file from Project B inside a PHP file located at Project A:

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Document</title>
    </head>
    <body>
        <h2>Sandbox</h2>
        <pre>
        <?php
            // This file is located at:
            // /var/www/vhosts/projecta/index.php
            // 
            // Display errors to know what's happening
            ini_set('display_errors', 1);
            ini_set('display_startup_errors', 1);
            error_reporting(E_ALL);
            
            // Get the file from projectb
            echo file_get_contents("/var/www/vhosts/projectb/filefromb.txt");
        ?>
        </pre>
    </body>
</html>

If you run the code from the first application, the following errors will appear if you have the default open_basedir configured:

Warning:  file_get_contents(): open_basedir restriction in effect.
File(/var/www/vhosts/projectb/filefromb.txt) is not within the allowed path(s): 
(/var/www/vhosts/projecta/:/tmp/) in /var/www/vhosts/projecta/index.php on line 16

Warning:  
file_get_contents(/var/www/vhosts/projectb/filefromb.txt): failed to open stream: 
Operation not permitted in /var/www/vhosts/projecta/index.php on line 16

The solution, would be to add the directory of projectb to the open_basedir of projecta.

Try to specify the required directories in the directive

As a recommendation, you shouldn't remove this protection basically because if you are the administrator of a Plesk server, where some of the owners of the projects that you host, have access to the code, they would simply have access to areas and files of your server that they simply shouldn't. So, if you know the directory that you need to access, grant the access by adding the parameter to the open_basedir directive. Navigate to your domain and open the PHP settings:

Plesk Add Open Base Dir

To separate directories, use a colon (:) on Linux and a semicolon (;) on Windows. For example, if you want the project to be able to access the directory /var/www/vhosts/projectb, add in Windows ;/var/www/vhosts/projectb or in Linux :/var/www/vhosts/projectb. Always try to add the directories that you need and you won't have any trouble, you may deal however with the permissions of the file (chmod), but that's another history.

Disable open_basedir restriction

We make emphasis this approach once again unless you really know that there should be no limitation of access of the PHP code hosted on the server, don't remove the restriction.

If you want to continue because you know what you're doing, the solution isn't the one you expect with the regular configuration of PHP. In PHP is possible to remove the open_basedir limitation by setting its value to "none" in the php.ini, so you may do the same thing in Plesk. To remove the  open_basedir restriction, set its value in Plesk going to the PHP Setting of your domain:

open_basedir PHP None Plesk

Important note

Now, to understand what's going on now after disabling the open_basedir restriction is that you won't have anymore the warning of open_basedir restriction in effect, however, if you try to access a file that is inside a directory whose permissions don't allow you to access the file (e.g 710) even though the file has 777, you won't be able to access it.

Happy coding ❤️!

This could interest you

Become a more social person