[Typo3-linux] Using one typo3-source for more than one webroot.
Boris Senker
typo3 at dvotocka.hr
Tue Jul 19 11:46:35 CEST 2005
"Abdelhakeem" <abdelhakeem at timaar.nl> wrote in message
news:mailman.411.1121696134.10548.typo3-linux at lists.netfielders.de...
Dear Boris,
Thanx for your reaction.
I understand you, but the php_admin_value open_basedir is set by plesk in
the httpd.include in the conf directory of the domain. This value is set to
the httpdocs directory of the domain. That means that no other directory can
be opened for execution of files eventhough you have access to it. Anyway,
that's what I think happens.
So When I removed the php_admin_value for openbase_dir in the vhost.conf
file and did as you adviced me, I got a white screen. Just like I did the
first time I began to configure typo3 for use on more than one domain.
And after I placed the value again in the file, typo3 worked again.
And a php_admin_value can only be changed in the httpd.include file. And
because Plesk overwrites the file everytime the domain is reconfigured, it's
better to use the vhost.conf to place the values.
Maybe I made a mistake and I would appreciate it if you could help me out
here. Because, if it realy is a security breach, than that's not what I
want... :-)
Look at this line:
php_admin_value open_basedir
"/path/to/domain/httpdocs:/tmp:/path/to/typo3source/"
with it, you are basically allowing every domain to be able to access typo3
source dir through PHP. So this way, a domain owner could make a little PHP
script and delete your typo3source or alter files in it. Which I am sure you
wouldn't like. PHP is very powerful, it can use shell commands using exec()
(see PHPShell you'll see what I mean) and should be secured at any time.
The way of linking using sudo as I proposed works perfectly, without
open_basedir hack, allowing domains only to access files in typo3 source
dir, but not changing nor deleting them in any way.
If Plesk does domain docs handling this way it does, nothing you can do
about it, but you can get this out: /path/to/typo3source/ and do a bit of
carefull shell work and make system links using sudo to required typo3 src
dirs as I proposed. You will have to do it for every typo3 domain
separately, but it is way safer than open_basedir.
Boris Senker
: dvotocka design
________________________________________________________________
Graphic Design for Print and Web, Prepress, Website Production, TYPO3
Hosting
J. Laurencica 8, 10000 Zagreb, Croatia
http://www.dvotocka.hr
More information about the TYPO3-linux
mailing list