WP-Includes/load.pgp Not Recognizing File Path to db.php Inside ISPConfig Jailkit User Shelll

My current problem is as follows.

I had a local LAMP environment WP Multisite on my host maschine that I migrated into an ISPConfig client directory that uses jailkit for security (vbox Debian 10 test server). This is on my test server, so nothing available online yet)

After the migration there various errors because the upload file paths changed from /var/www/html/wordpress-directory/wp-content/ to /web/wp-content/.

As to correct the various errors in my wp debug log. I used the following code:

/* Multisite */
define( 'WP_ALLOW_MULTISITE', true );
define( 'FS_METHOD', 'direct' );
define( 'FS_CHMOD_DIR', ( 0755  ~ umask() ) ); // change permissions of directories
define( 'FS_CHMOD_FILE', ( 0644  ~ umask() ) ); // change permissions of files
define( 'MULTISITE', true );
define( 'SUBDOMAIN_INSTALL', true );
define( 'DOMAIN_CURRENT_SITE', 'tester1.example.com' );
define( 'PATH_CURRENT_SITE', '/' );
define( 'SITE_ID_CURRENT_SITE', 1 );
define( 'BLOG_ID_CURRENT_SITE', 1 );
//These work, but open_basedir error remain
define('WP_CONTENT_DIR', ABSPATH . 'wp-content' );
define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' );

The code above works for correcting most errors following the migration, but this errors remains in my wp debug log:

[11-Nov-2021 07:15:46 UTC] PHP Warning:  file_exists(): open_basedir restriction in effect. File(/var/www/clients/client1/web10/web/wp-content/db.php) is not within the allowed path(s): (/var/www/clients/client1/web10/web/wp-content:/var/www/clients/client1/web10/web:/var/www/clients/client1/web10/private:/var/www/clients/client1/web10/tmp:/var/www/example.com/web:/srv/www/example.com/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/dev/random:/dev/urandom) in /var/www/clients/client1/web10/web/wp-includes/load.php on line 545
[11-Nov-2021 07:15:46 UTC] PHP Stack trace:
[11-Nov-2021 07:15:46 UTC] PHP   1. {main}() /var/www/clients/client1/web10/web/wp-admin/themes.php:0
[11-Nov-2021 07:15:46 UTC] PHP   2. require_once() /var/www/clients/client1/web10/web/wp-admin/themes.php:10
[11-Nov-2021 07:15:46 UTC] PHP   3. require_once() /var/www/clients/client1/web10/web/wp-admin/admin.php:34
[11-Nov-2021 07:15:46 UTC] PHP   4. require_once() /var/www/clients/client1/web10/web/wp-load.php:50
[11-Nov-2021 07:15:46 UTC] PHP   5. require_once() /var/www/clients/client1/web10/web/wp-config.php:138
[11-Nov-2021 07:15:46 UTC] PHP   6. require_wp_db() /var/www/clients/client1/web10/web/wp-settings.php:124
[11-Nov-2021 07:15:46 UTC] PHP   7. file_exists($filename = '/var/www/clients/client1/web10/web/wp-content/db.php') /var/www/clients/client1/web10/web/wp-includes/load.php:545

When I check /var/www/clients/client1/web10/web/wp-includes/load.php:545, I see:

    require_once ABSPATH . WPINC . '/wp-db.php';
    if ( file_exists( WP_CONTENT_DIR . '/db.php' ) ) {
            require_once WP_CONTENT_DIR . '/db.php';
    }

The above, WP_CONTENT_DIR location have been defined by my wp-config.php settings but appears to be ignored by /var/www/clients/client1/web10/web/wp-includes/load.php:545

Inside of ISPConfig Domains Websites Options open_basedir .... I have:

/var/www/clients/client1/web10/web:/var/www/clients/client1/web10/private:/var/www/clients/client1/web10/tmp:/var/www/example.com/web:/srv/www/example.com/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/dev/random:/dev/urandom

Clearly, wp-content/db.php is inside of the allowed directory /var/www/clients/client1/web10/web:

I double checked (outside the jailkit shell on the server) system's `/etc/php/7.4/fpm/php.ini and confirmed that the open_base_dir has not been hardcoded, because that would break ISPConfig.

; or per-virtualhost web server configuration file.
; Note: disables the realpath cache
; http://php.net/open-basedir
;open_basedir =

Under Domains Websites PHP .... I have

PHP: PHP-FPM
PHP Version: 7.4

Under Domains Websites Options .... I have:

Use Socket For PHP-FPM (checked / enabled)
Chroot PHP-FPM (unchecked / disabled)
PHP-FPM Process Manager (ondemand PHP version =5.3.9)

These are my entries into the custom php.ini settings field:


    post_max_size = 48M
    max_input_vars = 1200
    upload_max_filesize = 24M
    max_execution_time = 300
    memory_limit = 256M

I do NOT wish to disable open_basedir via apache or the PHP.ini because that breaks ISPConfig and weakens my security. As can be seen from my wp-config settings I have tried various solutions, however nothing seems to work...

How can I adjust WP and/or ISPConfig to get rid of the open_basedir restriction error?

NOTE: I tried to remove the open_basedir options from the individual site via ISPConfig, but they are automatically restored. And I don't want to turn them off globally because that would cause a security hole... Any Tips?

Topic php.ini Wordpress

Category Web

1
answered at

For anyone else who may come across this post... my solution, rather strategy is simple:

After researching the true security value of open_basedir configuration, I realized with ModSec, 3 different levels of application firewalls, and my entire site residing inside of debian 10 / ispconfig user jailkit, that it would probably be safe to deactivate the open_basedir option inside of ISPConfig on the individual site level by adding the word “none” in the field located at Domains >> Websites >> Options >> open_basedir.

Then to update fix all the file paths used by plugins in the multisite that still point to locations that you have migrated away from (make them all reflect local ISPConfig jailkit or whatever else location of the new wp-content folder)…once that is done reactive the open_basedir by removing “none” and saving the settings.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.