Author Topic: Errors in Log when using open_basedir  (Read 8639 times)

Offline leepfrog

  • Newbie
  • *
  • Posts: 5
Errors in Log when using open_basedir
« on: April 06, 2011, 02:20:43 PM »
Hey there,

I've installed Roundcube on a server which uses php with open_basedir configured.
Everything seems to work fine, however I am getting entries in the errors-Log when sending mails with attachments:

Code: [Select]
[05-Apr-2011 23:20:51] PHP Warning:  finfo_open(): open_basedir restriction in effect. File(/usr/share/file/magic) is not within the allowed path(s): (/var/www/p10015/htdocs:/var/www/p10015/tmp/) in /var/www/p10015/htdocs/program/include/rcube_shared.inc on line 463


How to sort this out?

Offline dshepherd

  • Jr. Member
  • **
  • Posts: 87
Errors in Log when using open_basedir
« Reply #1 on: April 06, 2011, 03:11:36 PM »
If you can't disable open_basedir server-wide, you have 2 options for the virtual host that RC is setup within,

1. Disable open_basedir within vhost.conf or .htaccess.

2. Add /usr/share/file/ to the open_basedir path within vhost.conf or .htaccess

Offline leepfrog

  • Newbie
  • *
  • Posts: 5
Errors in Log when using open_basedir
« Reply #2 on: April 06, 2011, 03:41:35 PM »
Well I could disable open_basedir as it is my own root server.
However disabling it for one vhost would mean to impact on security for all other sites hosted on that server.

I first thought this path would belong to imagick and wondered why roundcube should try to access this directly, but just found out that it is the database file to get the mime type. That then of course makes sense.

As a temorary workaround I'll include the path in the open_basedir for that vhost.

However it would be nice if RC would check if
a) open_basedir is enabled
b) the magic file is inaccessible

Maybe as a preinstallation check. If a) or b) are true RC could offer to use an own magic file.

Thanks for your help!

Offline alec

  • Hero Member
  • *****
  • Posts: 1,363
Errors in Log when using open_basedir
« Reply #3 on: April 07, 2011, 03:21:48 AM »
You can move the magic file to any place and set mime_magic option in Roundcube.

Offline leepfrog

  • Newbie
  • *
  • Posts: 5
Errors in Log when using open_basedir
« Reply #4 on: April 07, 2011, 01:05:23 PM »
Quote from: alec;34151
You can move the magic file to any place and set mime_magic option in Roundcube.


Works! Thanks! Did not note this option

Offline deltatech

  • Jr. Member
  • **
  • Posts: 41
Errors in Log when using open_basedir
« Reply #5 on: April 30, 2011, 12:56:15 AM »
Quote from: alec;34151
You can move the magic file to any place and set mime_magic option in Roundcube.


I am having this problem too and I did move the file, actually the whole directory within my webspace.   in my roundcube directory I have a magic directory that has all this..

magic  magic.mgc  magic.mime  magic.mime.mgc

in my main.inc.php I have this...

Code: [Select]
$rcmail_config['mime_magic'] = '/var/www/vhosts/demo1234.org/httpdocs/roundcube/magic/magic';


Should I assume this is the complete path AND filename of the magic file?  Or is it just a path to where the file resides.  

What I have now isn't working, I get this error...

finfo_open(): Failed to load magic database at '/usr/share/roundcube/magic/magic'. in /usr/share/roundcube/program/include/rcube_shared.inc on line 463

Offline leepfrog

  • Newbie
  • *
  • Posts: 5
Errors in Log when using open_basedir
« Reply #6 on: May 01, 2011, 05:05:32 PM »
First of all, the "magic" thing needed there is only a file. So it should be sufficient to copy the file magic from /usr/share/file/magic to a dir inside open_basedir and then edit the config file to point $rcmail_config['mime_magic'] directly to this file (path and filename).

Furthermore the config and the error message you are receiving do not make sense.

If the variable is configured to '/var/www/vhosts/demo1234.org/httpdocs/roundcube/magic/magic' why does it search the file in here: '/usr/share/roundcube/magic/magic'.

Offline deltatech

  • Jr. Member
  • **
  • Posts: 41
Errors in Log when using open_basedir
« Reply #7 on: May 01, 2011, 05:13:07 PM »
Quote from: leepfrog;34540
First of all, the "magic" thing needed there is only a file. So it should be sufficient to copy the file magic from /usr/share/file/magic to a dir inside open_basedir and then edit the config file to point $rcmail_config['mime_magic'] directly to this file (path and filename).

Furthermore the config and the error message you are receiving do not make sense.

If the variable is configured to '/var/www/vhosts/demo1234.org/httpdocs/roundcube/magic/magic' why does it search the file in here: '/usr/share/roundcube/magic/magic'.


the reason the config and the error didn't match is because I have been moving and changing it so many times I gave the wrong log entry for the wrong time.

The error msg was correct, the path was not.  

I still get the error no matter if I point to the file, or just the path that contains the file.  I am still not sure which is correct.  

I have checked the permissions and it is owned by the same group/user as the rest of the roundcube installation and just to be sure, I changed the permissions to 666 even though we know it should never be writing there..

Still the error.  This is on a CentOS 5.6 machine.  and the PHP is 5.3.6

One thing I noticed in the php.net documentation for the finfo_open is that if the file is NULL then it uses the system default.  I set my path to NULL and no more errors..   So, I don't know if that means it is working now, or not even trying to read it.

How can I test this to see if it is being read properly?

Offline leepfrog

  • Newbie
  • *
  • Posts: 5
Errors in Log when using open_basedir
« Reply #8 on: May 01, 2011, 05:28:03 PM »
I highly doubt that setting the path to NULL will include the correct file.
As stated in my last post you have to point to the file including the path. At least that was the correct choice for me.

If you put the magic file in a subfolder called "magic", did you check that the folder itself has at least 755 permissions (so that the directoy can be entered by the php process)?

Last but not least maybe the file got corrupted while copying it from the original location. Try to copy it again.

For my part I always observed the error message in the error log when uploading mailattachments in the roudcube webinterface, so I'd suggest to point the config to the file, verify the permissions and then try to upload the file. Then check the errorlog.

Offline deltatech

  • Jr. Member
  • **
  • Posts: 41
Errors in Log when using open_basedir
« Reply #9 on: May 01, 2011, 05:37:23 PM »
Quote from: leepfrog;34542
I highly doubt that setting the path to NULL will include the correct file.
As stated in my last post you have to point to the file including the path. At least that was the correct choice for me.

If you put the magic file in a subfolder called "magic", did you check that the folder itself has at least 755 permissions (so that the directoy can be entered by the php process)?

Last but not least maybe the file got corrupted while copying it from the original location. Try to copy it again.

For my part I always observed the error message in the error log when uploading mailattachments in the roudcube webinterface, so I'd suggest to point the config to the file, verify the permissions and then try to upload the file. Then check the errorlog.


I did have 755 for the directory and 666 for the magic file and did use the entire path.  Still got the error.  However I do have this good news.

By setting it to NULL, I proved it works by editing the program/inclujde/rcube_shared.inc file and added a write_log() statement right after the if statement that opens the mime file.   And it did  indeed open it ok.  I also had it logging the mime types it found and it always came up with the right answer so all is well.

Even though the above fix works,  I am still bothered as to why just specifying the file with full path didn't work.

Offline aberrio

  • Jr. Member
  • **
  • Posts: 24
Errors in Log when using open_basedir
« Reply #10 on: May 02, 2011, 11:06:12 PM »
Hi,

I had the same issue. I fix it in the  vhost.conf directive.  In my casa a missed “.” was the cause.  Look at your vhost.conf file under
.
.
.
.
 
            php_admin_flag engine on
            php_admin_value open_basedir "/srv/www/htdocs/xxxxxx/.:tmp"
 


A missing “.” Before :tmp was the cause.