Skip to content

open_basedir & phpMyAdmin

When open_basedir was in effect, phpMyAdmin would not work. But it would not give these helpful error messages away:
   open_basedir restriction in effect. File(/tmp/foo) is not within the allowed path(s)
The webserver would just terminate the script with an error 500 and be done with it. As soon as open_basedir is disabled, phpMyAdmin works. So what's bothering phpMyAdmin or: which files can phpMyAdmin not access?

Since we're using PHP via FastCGI, we have one webserver process and 10 php-cgi processes. But let's strace them anyway:
 $ strace -p `pgrep php-cgi | xargs echo | sed 's/ / -p /g'` -p `pgrep lighttpd`
Now disable open_basedir, restart the webserver and run strace(1) again. Thanks to GNU/diff, we can use:
  $ diff -y with-openbasedir.log without-openbasedir.log
  [...]
                                 > open("/var/lib/phpmyadmin/blowfish_secret.inc.php",
                                 > open("/var/lib/phpmyadmin/config.inc.php",
...and there it was. Adding /var/lib/phpmyadmin/ to open_basedir did the trick. In retrospect, pretty trivial - but without a proper error message in the logs, strace(1) was the only solution I could think of.