open_basedir for php作为FastCGI运行

时间:2013-03-20 12:42:26

标签: php apache mod-rewrite fastcgi

我前段时间安装了Apache和php作为fastcgi模块

root@company# apt-get install apache2 apache2-suexec libapache2-mod-fcgid php5-cgi

root@company# dpkg-query -l '*apache2*' 
Desired=Unknown/Install/Remove/Purge/Hold 
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend 
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) 
||/ Name                           Version                        Description 
+++-==============================-==============================-============================================================================ 
ii  apache2              2.2.20-1ubuntu1.2         Apache HTTP Server metapackage 
ii  apache2-mpm-worker   2.2.20-1ubuntu1.2         Apache HTTP Server - high speed threaded model 
ii  apache2-suexec       2.2.20-1ubuntu1.2  Standard suexec program for Apache 2 mod_suexec 
ii  apache2-utils        2.2.20-1ubuntu1.2         utility programs for webservers 
ii  apache2.2-bin        2.2.20-1ubuntu1.2         Apache HTTP Server common binary files 
ii  apache2.2-common     2.2.20-1ubuntu1.2         Apache HTTP Server common files 
ii  libapache2-mod-fcgid 1:2.3.6-1+squeeze1build0.11.10 an alternative module compat with mod_fastcgi 

root@company# dpkg-query -l '*php*' 
Desired=Unknown/Install/Remove/Purge/Hold 
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend 
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) 
||/ Name                              Version                           Description 
+++-=================================-=================================-================================================================================== 
un  php-pear                    <none>                         (no description available) 
ii  php5-cgi  5.3.6-13ubuntu3.7  server-side, HTML-embedded scripting language (CGI binary) 
ii  php5-common     5.3.6-13ubuntu3.7  Common files for packages built from the php5 source 
un  php5-json                  <none>                            (no description available) 
un  php5-mhash                 <none>                            (no description available) 
un  php5-suhosin               <none>                            (no description available) 
un  phpapi-20090626            <none>                            (no description available) 

root@company# dpkg-query -l '*fcgi*' 
Desired=Unknown/Install/Remove/Purge/Hold 
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend 
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) 
||/ Name                              Version                           Description 
+++-=================================-=================================-================================================================================== 
ii  libapache2-mod-fcgid 1:2.3.6-1+squeeze1build0.11.10.1  an alternative module compat with mod_fastcgi

现在,我知道我无法在虚拟主机中使用此命令:

php_admin_value open_basedir "/var/www/users/test"

我的典型虚拟主机文件:

<VirtualHost *:80>
 ServerName test
 ServerAlias test
 ServerAdmin webmaster@test.com
 DocumentRoot /var/www/users/test/public_html/

<IfModule mod_fcgid.c>
 SuexecUserGroup test test
 <Directory /var/www/users/test/public_html/>
 Options +ExecCGI
 Options -Indexes
 AllowOverride None
 AddHandler fcgid-script .php
 FCGIWrapper /var/www/system/test/php-fcgi-starter .php
 Order allow,deny
 Allow from all
 </Directory>
</IfModule>

 # ErrorLog /var/log/apache2/error.log
 # CustomLog /var/log/apache2/access.log combined
 ServerSignature Off

</VirtualHost>

1)关于如何启用open_basedir并允许我的用户更改我在其家中定义的php.ini(例如/var/www/users/test)的任何想法。即使用户尝试编辑php.ini,也不应更改我的值。

这可能吗? 或者,我应该忘记用户对所有用户php.ini的访问权限并一次性更改他的php.ini?(我可以通过简单地重新定位它来做到这一点 - 这里有一个fcgid封装脚本你知道的设置)

2)如果有人也能给我一些重定向所有请求的Apache2指令,我将不胜感激:

http://www.test.com/a/new/post

内部的这个:

http://www.test.com/index.php?a/new/post

以下不起作用 - 应该给出一些参数:

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

(不,我不想因速度而允许.htaccess文件)

谢谢!

评论问题(2):我注意到<Directory>部分内的这个指令实现了我的需要:

RewriteEngine On
RewriteBase /
RewriteRule ^(.*)$ index.php?$1 [NC,L,QSA]

但在呈现php图像时表现得很奇怪(未显示)

<?php
phpinfo();
?>

此图像在回显文件中的链接是

<img border="0" src="/info.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42" alt="PHP Logo" />

任何想法?

1 个答案:

答案 0 :(得分:0)

与问题(2)相关:似乎这些指令确实具有魔力(见内外评论)

<VirtualHost *:80>
 ServerName test
 ServerAlias test
 ServerAdmin webmaster@test.com
 DocumentRoot /var/www/users/test/public_html/

 #the next line should be removed in production
 RewriteLog /var/www/users/test/public_html/rewrite.log
 RewriteLogLevel 9

<IfModule mod_fcgid.c>
 SuexecUserGroup test test
 <Directory /var/www/users/test/public_html/>
 Options +ExecCGI
 Options -Indexes
 AllowOverride None
 AddHandler fcgid-script .php
 FCGIWrapper /var/www/system/test/php-fcgi-starter .php
 Order allow,deny
 Allow from all

 RewriteEngine On
 #next line introduces some behavior, see comment (1)
 #RewriteBase /

 #redirect non-existent files or, redirect existent
 #files with the execute bit set, see comment (2)
 RewriteCond %{REQUEST_FILENAME} !-f [OR]
 RewriteCond %{REQUEST_FILENAME} -x

 #under the above dir ("/var/www/users/test/public_html/")
 #there is a "php/tests/testApache.php" that catches all requests
 #for non-existent files or for executables,
 #L=last, NC=case-insensitive, NE=no hexcode escaping of the request uri
 #QSA=append query string from the original request uri to the resulted string
 RewriteRule ^/?(.*)$ php/tests/testApache.php?$1 [NC,NE,L,QSA]

 </Directory>
</IfModule>

 #the next 2 lines should be removed in production
 ErrorLog /var/www/users/test/public_html/error.log
 CustomLog /var/www/users/test/public_html/access.log combined

 ServerSignature Off

</VirtualHost>

评论(1):通过调查我们的“rewrite.log”文件,我们在删除时间,sid,rid字段后看到这些差异

root@localhost# diff 1.txt 2.txt
8,10c8
< 127.0.0.1 - - [22/Mar/2013: +0200] [test/sid#][rid#/initial] (2) [perdir /var/www/users/test/public_html/] trying to replace prefix 
/var/www/users/test/public_html/ with /
< 127.0.0.1 - - [22/Mar/2013: +0200] [test/sid#][rid#/initial] (5) strip matching prefix: /var/www/users/test/public_html/php/tests/te
stApache.php -> php/tests/testApache.php
< 127.0.0.1 - - [22/Mar/2013: +0200] [test/sid#][rid#/initial] (4) add subst prefix: php/tests/testApache.php -> /php/tests/testApache
.php
---
> 127.0.0.1 - - [22/Mar/2013: +0200] [test/sid#][rid#/initial] (2) [perdir /var/www/users/test/public_html/] strip document_root prefi
x: /var/www/users/test/public_html/php/tests/testApache.php -> /php/tests/testApache.php

左侧部分(1.txt)在虚拟主机中附带RewriteBase /

评论(2):通过重定向不存在的文件,只要与文档相比给出资源的路径,我们所有的图像,.css,.js,.htm *文件都按预期工作root(在这些虚拟主机中是“/ var / www / users / test / public_html /”)。 因此,编写了一个测试图像:

echo '<img src="/wallpaper-10.jpg" alt="Christmas">';

它位于“/var/www/users/test/public_html/wallpaper-10.jpg”。

仍在等待问题(1) ...

的一些回复
相关问题
最新问题