Open_basedir restriction in effect error

Hi, i’ve made a fresh local development setup with bedrock-ansible + bedrock + roots theme. Now when i am activating the roots theme, i am getting this errors:

Warning: is_writable(): open_basedir restriction in effect. File(/) is not within the allowed path(s): (/srv/www/:/tmp) in /srv/www/ on line 170

Warning: Cannot modify header information - headers already sent by (output started at /srv/www/ in /srv/www/ on line 1178

What is causing these error messages?

open_basedir is a PHP setting for better security. It means that PHP can only open files in /srv/www/ and /tmp (which is a good thing).

For some reason it looks like it’s trying to open a file in just /. That error is actually from this line:

Not sure what’s going on with your install as .htaccess doesn’t apply using Nginx. I’ve personally never seen that error or heard of anyone having it before.


I had a similar error once, related to the PODS plugin. As mentioned here, I added session.save_path = /tmp to my php.ini (e.g., to roles/php/templates/php.ini.j2 in bedrock-ansible).

If you choose to adjust session.save_path and you are using bedrock-ansible, note that bedrock-ansible already has a session.save_path setting in roles/wordpress-sites/templates/php-fpm.conf.j2. However, it is conditional, and would only conflict if you’ve set memcached_sessions: true (default is false) in roles/wordpress-sites/defaults/main.yml.


Thanks for the explanations. I couldn’t find the problem so after i removed everything including vagrant box and made setup again, problem resolved. But i don’t know what was the cause.

I briefly had the same error after getting this update done :

composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 4 updates, 0 removals
  - Updating johnpbloch/wordpress-core (4.7.3 => 4.7.4): Loading from cache
  - Updating johnpbloch/wordpress (4.7.3 => 4.7.4): Loading from cache
  - Updating wpackagist-plugin/woocommerce (3.0.4 => 3.0.5): Downloading (100%)   - Updating squizlabs/php_codesniffer (2.8.1 => 2.9.0): Loading from cache
Writing lock file
Generating autoload files

The error I got was the same as mentioned:

is_writable(): open_basedir restriction in effect. File(/) is not within the allowed path(s): (/srv/www/:/tmp) in /../wp-admin/includes/misc.php on line 209

When I reloaded the site the error disappeared again. When I checked the error logs using
tail /srv/www/ I had zero data in the logs. Latest errors were from two months ago. Odd, really, but that is all I can say about it now. Perhaps a glitch?

1 Like

This wordpress-sites directory must have changed since this posting in Jan 15. I can only find the php-fpm.conf.j2 file in roles/wordpress-setup/templates now since there is no wordpress-sites directory.

I just started using the Trellis/Bedrock packages, but I am also getting this error that I can’t seem to find any current instructions on how to correct this error.

Warning: is_writable() []:
open_basedir restriction in effect.
File(/) is not within the allowed path(s):

Also, my roles/php/templates/php.ini.js looks like this:
session.save_path = {{ php_session_save_path }}

Could I just add the extra / directory at the end preceeding it with a colon?
e.x. session.save_path = {{ php_session_save_path }}:/tmp:/

If you need to temporarily remove basedir restrictions on the fly, here’s a where you can manually make the open_basedir = none change. Keep in mind this is not the best practice but I’m sharing it to help you get out of a temporary jam.

    php -v
    cd /etc/php/7.3/fpm/pool.d
    nano wordpress.conf
# change value to = none
    php_admin_value[open_basedir] = none
# quit + save
    systemctl restart php7.3-fpm
1 Like

I’ve recently had this problem on a few projects. The cause seems to be some WooCommerce payment gateway plugin that regenerates its endpoints on each query and force flush rewrite rules.

As says:

So, you can safely disable write of .htacces file adding the filter:


1 Like

About this error: In some of our projects we have had problems with random number generation with some plugin that did not use @ when accessing '/dev/urandom'. Also many PHP Notices records are generated in the error logs (WordPress uses it, @is_readable('/dev/urandom'), for password generation).
I think it is safe to access the read-only file '/dev/urandom' and that’s why we added it in our Trellis:

php_admin_value[open_basedir] = {{ www_root }}/:/tmp:/dev/urandom

I can make a Pull Request if you find it useful for general use.

Related discussion:

The following appears to be the cause of the open_basedir error:

In core WP function get_home_path() in wp-admin/includes/file.php at line 107, there’s a $pos variable that gets the strripos of the relative path to the WordPress root directory (which in Bedrock is /wp/) in the full server path to the site root index.php, which returns false since site root index.php is outside of /wp/ in Bedrock.

I haven’t thought through how to solve this, especially since WP_SITEURL=${WP_HOME}/wp in .env and get_home_path() uses that value. For .htaccess stuff, maybe it’s enough to disable hooks such as @pacotole suggested. But get_home_path() is still broken and unavailable for non-htaccess stuff.

Ideas, anyone?

What you are describing appears in this issue (also related to Bedrock), is it the same?

Here is another plugin that adjusted this part to Bedrock paths:

@strarsis, that does appear to be the same issue. What brought this to my attention was GiveWP that has a Form class that hits the core WordPress WP_Rewrite class without checking whether the server is nginx. I’m wondering whether this problem is fully dependent on plugin developers to solve, or if there’s a way for Bedrock to solve it.