Page MenuHomePhabricator

Special:Version and "Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s)..."
Closed, DuplicatePublic

Description

I manage the Crypto++ wiki at https://www.cryptopp.com/wiki. Our wiki uses some skins and extensions. The skins and extensions are installed via git and not a release tarball. We found it easier to keep skins and extensions up to date by scripting a "git pull".

Our update script looks like so:

# cat /var/www/html/update-wiki.sh
#!/usr/bin/env bash

# update-wiki.sh performs maintenance on the website's wiki installation.
# The script does three things, give or take. First it updates GitHub
# based components in skins/ and extensions/. Second, it {re}sets
# permissions on some files and folders, including logging files
# in /var/log. Third, it runs MediaWiki's update.php and then restarts
# the Apache service. update.php is important and it must be run anytime
# a change occurs.

# Important directories
WIKI_DIR="/var/www/html/w"
LOG_DIR="/var/log"
TOP_DIR=$(pwd)

# This finds directories check'd out from Git and updates them.
# It works surprisingly well. There has only been a couple of
# minor problems.
for dir in $(find "$WIKI_DIR/skins" -name '.git'); do
    cd "$dir/.."
    echo "Updating ${dir::-4}"
    git reset --hard HEAD && git pull
done

for dir in $(find "$WIKI_DIR/extensions" -name '.git'); do
    cd "$dir/.."
    echo "Updating ${dir::-4}"
    git reset --hard HEAD && git pull
done

# Remove all test frameworks
for dir in $(find "$WIKI_DIR" -iname 'test*'); do
    rm -rf "$dir" 2>/dev/null
done

...

# Always run update script per https://www.mediawiki.org/wiki/Manual:Update.php
echo "Running update.php"
/opt/rh/rh-php71/root/usr/bin/php "$WIKI_DIR/maintenance/update.php" --quick 2>&1

echo "Restarting Apache service"
if ! systemctl restart httpd24-httpd.service 2>&1; then
    echo "Restart failed. Sleeping for 3"
    sleep 3
    echo "Restarting Apache service"
    systemctl stop httpd24-httpd.service 2>&1
    systemctl start httpd24-httpd.service 2>&1
fi

cd "$TOP_DIR"

Things have worked fine for several years. I used to visit Special:Version at https://www.cryptopp.com/wiki/Special:Version to ensure components were being updated. If a skin or extension seemed stale I would investigate it.

Recently I checked the wiki's Special:Version to verify updates and it was full of warnings (that they bled through may be an error):

Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/var/www/html/) in /var/www/html/w/includes/GitInfo.php on line 214

Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/var/www/html/) in /var/www/html/w/includes/GitInfo.php on line 214

Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/var/www/html/) in /var/www/html/w/includes/GitInfo.php on line 214

Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/var/www/html/) in /var/www/html/w/includes/GitInfo.php on line 214

Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/var/www/html/) in /var/www/html/w/includes/GitInfo.php on line 214

Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/var/www/html/) in /var/www/html/w/includes/GitInfo.php on line 214

Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/var/www/html/) in /var/www/html/w/includes/GitInfo.php on line 214

Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/var/www/html/) in /var/www/html/w/includes/GitInfo.php on line 214
...

Special:Version still displays the version information at the bottom of the page. The problem is the are 40 or 50 "Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s)...".

Here are the software versions of interest:

  • CentOS 7
  • MediaWiki 1.30.0
  • PHP 7.1.8 (apache2handler)
  • MariaDB 5.5.56-MariaDB

Event Timeline

Noloader updated the task description. (Show Details)

Thanks everyone.

This is what changed for us recently. We turned it on full-time to speed-up the troubleshooting process at the expense of leaking information, like basedir paths. From T74445:

  • Go to Special:Version and it should display the warning (if your error_reporting configuration is not hiding it).
Vvjjkkii renamed this task from Special:Version and "Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s)..." to xsbaaaaaaa.Jul 1 2018, 1:06 AM
Vvjjkkii reopened this task as Open.
Vvjjkkii triaged this task as High priority.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed a subscriber: Aklapper.
CommunityTechBot renamed this task from xsbaaaaaaa to Special:Version and "Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s)...".Jul 2 2018, 1:18 AM
CommunityTechBot closed this task as a duplicate.
CommunityTechBot raised the priority of this task from High to Needs Triage.
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot added a subscriber: Aklapper.