Open_basedir restriction in effect error

hknc · January 22, 2015, 2:40pm

Hi, i’ve made a fresh local development setup with bedrock-ansible + bedrock + roots theme. Now when i am activating the roots theme, i am getting this errors:

Warning: is_writable(): open_basedir restriction in effect. File(/) is not within the allowed path(s): (/srv/www/:/tmp) in /srv/www/test.dev/current/web/wp/wp-admin/includes/misc.php on line 170

Warning: Cannot modify header information - headers already sent by (output started at /srv/www/test.dev/current/web/wp/wp-admin/includes/misc.php:170) in /srv/www/test.dev/current/web/wp/wp-includes/pluggable.php on line 1178

What is causing these error messages?

swalkinshaw · January 22, 2015, 5:56pm

open_basedir is a PHP setting for better security. It means that PHP can only open files in /srv/www/ and /tmp (which is a good thing).

For some reason it looks like it’s trying to open a file in just /. That error is actually from this line:

github.com

WordPress/WordPress/blob/a47a5a177973e51dbdd862cbd7622308caabfc2a/wp-admin/includes/misc.php#L170




	global $wp_rewrite;


	$home_path = get_home_path();
	$htaccess_file = $home_path.'.htaccess';


	/*
	 * If the file doesn't already exist check for write access to the directory
	 * and whether we have some rules. Else check for write access to the file.
	 */
	if ((!file_exists($htaccess_file) && is_writable($home_path) && $wp_rewrite->using_mod_rewrite_permalinks()) || is_writable($htaccess_file)) {
		if ( got_mod_rewrite() ) {
			$rules = explode( "\n", $wp_rewrite->mod_rewrite_rules() );
			return insert_with_markers( $htaccess_file, 'WordPress', $rules );
		}
	}


	return false;
}


/**

Not sure what’s going on with your install as .htaccess doesn’t apply using Nginx. I’ve personally never seen that error or heard of anyone having it before.

fullyint · January 24, 2015, 1:25am

I had a similar error once, related to the PODS plugin. As mentioned here, I added session.save_path = /tmp to my php.ini (e.g., to roles/php/templates/php.ini.j2 in bedrock-ansible).

If you choose to adjust session.save_path and you are using bedrock-ansible, note that bedrock-ansible already has a session.save_path setting in roles/wordpress-sites/templates/php-fpm.conf.j2. However, it is conditional, and would only conflict if you’ve set memcached_sessions: true (default is false) in roles/wordpress-sites/defaults/main.yml.

hknc · January 24, 2015, 11:02am

Thanks for the explanations. I couldn’t find the problem so after i removed everything including vagrant box and made setup again, problem resolved. But i don’t know what was the cause.

jasperfrumau · May 9, 2017, 5:33am

I briefly had the same error after getting this update done :

composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 4 updates, 0 removals
  - Updating johnpbloch/wordpress-core (4.7.3 => 4.7.4): Loading from cache
  - Updating johnpbloch/wordpress (4.7.3 => 4.7.4): Loading from cache
  - Updating wpackagist-plugin/woocommerce (3.0.4 => 3.0.5): Downloading (100%)   - Updating squizlabs/php_codesniffer (2.8.1 => 2.9.0): Loading from cache
Writing lock file
Generating autoload files

The error I got was the same as mentioned:

is_writable(): open_basedir restriction in effect. File(/) is not within the allowed path(s): (/srv/www/:/tmp) in /../wp-admin/includes/misc.php on line 209

When I reloaded the site the error disappeared again. When I checked the error logs using
tail /srv/www/sub.domain.com/logs/error.log I had zero data in the logs. Latest errors were from two months ago. Odd, really, but that is all I can say about it now. Perhaps a glitch?

GhostInTheMachines · March 22, 2018, 6:18pm

This wordpress-sites directory must have changed since this posting in Jan 15. I can only find the php-fpm.conf.j2 file in roles/wordpress-setup/templates now since there is no wordpress-sites directory.

I just started using the Trellis/Bedrock packages, but I am also getting this error that I can’t seem to find any current instructions on how to correct this error.

Warning: is_writable() [function.is-writable]:
open_basedir restriction in effect.
File(/) is not within the allowed path(s):

Also, my roles/php/templates/php.ini.js looks like this:
session.save_path = {{ php_session_save_path }}

Could I just add the extra / directory at the end preceeding it with a colon?
e.x. session.save_path = {{ php_session_save_path }}:/tmp:/

Michael · March 18, 2020, 10:00pm

If you need to temporarily remove basedir restrictions on the fly, here’s a where you can manually make the open_basedir = none change. Keep in mind this is not the best practice but I’m sharing it to help you get out of a temporary jam.

    php -v
    cd /etc/php/7.3/fpm/pool.d
    nano wordpress.conf
# change value to = none
    php_admin_value[open_basedir] = none
# quit + save
    systemctl restart php7.3-fpm

pacotole · October 21, 2022, 3:57pm

I’ve recently had this problem on a few projects. The cause seems to be some WooCommerce payment gateway plugin that regenerates its endpoints on each query and force flush rewrite rules.

As says:

So, you can safely disable write of .htacces file adding the filter:

add_filter('flush_rewrite_rules_hard','__return_false');

pacotole · December 27, 2022, 4:46pm

About this error: In some of our projects we have had problems with random number generation with some plugin that did not use @ when accessing '/dev/urandom'. Also many PHP Notices records are generated in the error logs (WordPress uses it, @is_readable('/dev/urandom'), for password generation).
I think it is safe to access the read-only file '/dev/urandom' and that’s why we added it in our Trellis:

php_admin_value[open_basedir] = {{ www_root }}/:/tmp:/dev/urandom

I can make a Pull Request if you find it useful for general use.

strarsis · December 27, 2022, 5:31pm

Related discussion:

sweeble · March 15, 2023, 10:21pm

The following appears to be the cause of the open_basedir error:

In core WP function get_home_path() in wp-admin/includes/file.php at line 107, there’s a $pos variable that gets the strripos of the relative path to the WordPress root directory (which in Bedrock is /wp/) in the full server path to the site root index.php, which returns false since site root index.php is outside of /wp/ in Bedrock.

I haven’t thought through how to solve this, especially since WP_SITEURL=${WP_HOME}/wp in .env and get_home_path() uses that value. For .htaccess stuff, maybe it’s enough to disable hooks such as @pacotole suggested. But get_home_path() is still broken and unavailable for non-htaccess stuff.

Ideas, anyone?

strarsis · March 15, 2023, 11:06pm

What you are describing appears in this issue (also related to Bedrock), is it the same?

github.com/wp-media/wp-rocket-cli

htaccess regeneration not working from CLI with Bedrock

opened 01:39PM - 15 Jul 20 UTC

Sidlegionair

type: bug community severity: high 3rd party compatibility

Hi, The regeneration command does not work when running bedrock (https://root…s.io/bedrock). It fails to detect the correct htaccess path from CLI and then it will stop to work here (htaccess.php line 33) $htaccess_file = get_home_path() . '.htaccess'; if ( ! rocket_direct_filesystem()->is_writable( $htaccess_file ) ) { // The file is not writable or does not exist. return false; }

Here is another plugin that adjusted this part to Bedrock paths:
https://github.com/igniteB0T/litespeed-cache

sweeble · March 16, 2023, 12:38am

@strarsis, that does appear to be the same issue. What brought this to my attention was GiveWP that has a Form class that hits the core WordPress WP_Rewrite class without checking whether the server is nginx. I’m wondering whether this problem is fully dependent on plugin developers to solve, or if there’s a way for Bedrock to solve it.