Suhosin, open_basedir restriction, sentora temp folder

[jntslvdrt]

Hello good people, I'm on Sentora in a Ubuntu 14 64 bits.
I'm using OpenCart + Export / Import tool that uses PHPExcel

I'm having trouble with temp path. I do know what is causing the error, actually it's suhosin protecting accounts passing over its directory. PHPExcel, which is inside an account (customer), is trying to access sentora temporary upload folder.
Well, I also do know how to solve it, better saying I think I know. I just need to change temporary folder path for this customer in specific. Isn't it? But how to do this? Probably using overrhide function just like documentation says here http://docs.sentora.org/?node=64 right? 
I don't know the parameters. 

I just want to set temp folder for Customer X as /var/zpanel/hostdata/X/temp instead of global /var/sentora/temp. 

Can you help me? Above you can see the log file.



2015-06-15 9:48:36 - PHP Warning:  realpath(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/sentora/hostdata/vulcanus/public_html/oc2_vulcanus_com_br:/var/sentora/temp/) in /var/sentora/hostdata/vulcanus/public_html/oc2_vulcanus_com_br/system/PHPExcel/Classes/PHPExcel/Shared/File.php on line 175
2015-06-15 9:48:36 - PHP Warning:  tempnam(): open_basedir restriction in effect. File() is not within the allowed path(s): (/var/sentora/hostdata/vulcanus/public_html/oc2_vulcanus_com_br:/var/sentora/temp/) in /var/sentora/hostdata/vulcanus/public_html/oc2_vulcanus_com_br/system/PHPExcel/Classes/PHPExcel/Writer/Excel2007.php on line 197
2015-06-15 9:48:36 - PHP PHPExcel_Writer_Exception:  Could not close zip file php://output. in /var/sentora/hostdata/vulcanus/public_html/oc2_vulcanus_com_br/system/PHPExcel/Classes/PHPExcel/Writer/Excel2007.php on line 399

[apinto]

Hello jntslvdrt,
In order to change the suhosin open_base_dir you need to alter the vhosts entry.

For it not to be overwritten by the Daemon, you need to add a custom vhost entry:

1. Go to Admin > Module Admin (on Sentora CP).
   
2. Select Apache Config (it's the very first option).
   
3. Scroll Down to the end of the page and under the Override a Virtual Host Setting choose the website you want.
   
4. Now on the text area input: Custom Entry you need to enter the following  :
   
   
   Code:

   php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/domain_tld:/var/zpanel/hostdata/X/temp/"
   
   
   
5. (do not forget to click Save when you are done)
   

Done

[Me.B]

easier solution setup a temp folder under public folder /temp and then drop there a .htaccess that prevent any access.

M B

[jntslvdrt]

Thanks you both. I think it's a good idea Me.B.

I've overridden but same thing keeps occurring... but that time with right path.
Code I managed in override field:

PHP Code:

php_admin_value open_basedir "/var/sentora/hostdata/vulcanus/public_html/oc2_vulcanus_com_br:/var/sentora/hostdata/vulcanus/temp/" 


Log attached to avoid visual pollution  

[apinto]

jntslvdrt actually Me.B solution is better than mine, if it is possible to change.

Regarding your log, are you sure you sure the paths are correct?
By reading that log I can't identify the issue.

[jntslvdrt]

Correct me if I'm wrong
/var/sentora/hostdata/vulcanus/public_html/oc2_vulcanus_com_br:/var/sentora/hostdata/vulcanus/temp/

PHP Code:

first:second 


First part is about which directory is authorized to use second, second is about where temp file will be when it's necessary to manage temp file. Right?

So, web files are on /var/sentora/hostdata/vulcanus/public_html/oc2_vulcanus_com_br/ and I wish temp folder were /var/sentora/hostdata/vulcanus/temp/ but it could be /var/sentora/hostdata/vulcanus/public_html/temp/ too

Anyway, log says even /var/sentora/hostdata/vulcanus/temp is not allowed, but it's actually inside "customer" perimeter because it's inside /var/sentora/hostdata/vulcanus/

[apinto]

I think there is some confusion here.

Changing php_admin_value_open_basedir will ONLY allow you to execute php files on "/var/sentora/hostdata/X/temp/".
Code:

Code:

php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/domain_tld:/var/sentora/hostdata/X/temp/"

This will NOT CHANGE the temp folder.

You need to know which folder does PHPExcel uses as temp and add that to the php_admin_value open_basedir.
Ideally you should change the script to use the default PHP tempo folder to avoid editing the open_basedir entry.

I've searched for your issue and it is related to PHPExcel and not Sentora/PHP, so you should NOT try to change the server configuration to fit the script (specially considering the server is well configured for security).

- First of all verify if you are using PHPExcel 1.8, there are multiple issues with 1.7 and some of them are related to the temp folder.

The most complete post I've saw about your issue is https://christinedeffaixremy.wordpress.c..._temp_dir/ sadly it is in french, however you should be able to understand.

Good luck

[jntslvdrt]

Sorry but I think it's totally doable. I just can't stand the ideia of changing script everytime shit happens.
I've managed to change temp dir.

PHP Code:

php_admin_value upload_tmp_dir "/var/sentora/hostdata/vulcanus/tmp"

php_admin_value open_basedir "/var/sentora/hostdata/vulcanus/public_html/oc2_vulcanus_com_br:/var/sentora/hostdata/vulcanus/tmp/" 


My PHP info shows temp dir set as upload_tmp_dir parameter.
But, let's put in a logical way. I set a custom temp upload directory and I set this directory to be able to run php.

PHPExcel script detect which temp dir is set. You can notice that because log says exactly the directories I've set using php_admin parameters...

I can't understand French but I'll use a translator, later I'll come back

[jntslvdrt]

SHIIIIIIIIIIIIIIIIIIIIIIIT! I made it!
I just realize that even oc2.vulcanus.com.br (oc2_vulcanus_com_br) being subdomain of vulcanus.com.br one can't access another.
In order to make it work I need to set temp dir anywhere just in or after /var/hostdata/vulcanus/public_html/oc2_vulcanus_com_br/
or /var/hostdata/ACCOUNT/public_html/domain.tld/ or /var/hostdata/ACCOUNT/public_html/sub.domain.tld/


Anywhere different than that like /var/sentora/hostdata/vulcanus/tmp will definitely not work simply because it's not inside domain or subdomain folder.

Sorry for all the trouble, it was caused simply because of me being not able to understand how suhosin/open_basedir works.

Thank you so much guys.

[apinto]

PHPExcel script detect which temp dir is set. You can notice that because log says exactly the directories I've set using php_admin parameters...

Actually the error only tells you what the open_basedir directory is, regardless of what directory PHPExcel is currently using.

Like I told you, the issue is within PHPExcel and not within the server, althou I do understand you not wanting to change a script it is the most correct step is cases like this.



Anyways, glad you could solve the issue