open_basedir restriction message


When attempting to access a file in PHP, the script will yield a warning similar to:

Warning: fopen(): open_basedir restriction in effect. File(/var/www/myresource) is not within the allowed path(s): 
(/home/virtual/site2/fst:/var/www/html:/usr/local:/usr/bin:/usr/sbin:/etc:/tmp:/proc:/dev:/.socket) in /home/virtual/site2/fst/var/www/html/myfile.php on line 3


This is caused by mistakenly referencing a path within a pivot root inconsistent with PHP. PHP runs with a separate filesystem visibility for high-throughput performance, whereas FTP and control panel access require low-throughput, but heightened security. PHP implements a different security subsystem and different access rights.


Prepend the HTTP Base Prefix value taken from the control panel under AccountSummaryWeb. For example, the following PHP snippet would be corrected as follows:

   // Will yield open_basedir warning
   $key = file_get_contents("/var/www/secret.hash");
   $key = file_get_contents("/home/virtual/site12/fst/var/www/secret.hash");

For convenience, the web server will populate an environment variable named SITE_ROOT that contains the value of HTTP Base Prefix. A better example would be:

   $key = file_get_contents($_SERVER['SITE_ROOT'] . "/var/www/secret.hash");
   // do whatever, $key works!

Just don’t forget too that PHP requires special permissions for write access!

See Also

PHP: Writing to files

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.