Change Details

== What is open_basedir? == The `open_basedir` keyword adds an extra safety net to whatever PHP application. It's good for you. https://www.php.net/manual/en/ini.core.php#ini.open-basedir == Why it's forbidden now? == At the moment Phabricator/Phorge detects `open_basedir` at runtime, __refusing to run__ if it is detected. Probably this limitation was quickly set in an attempt to reduce spam (e.g. bugs from people using on free shared hosting). Moreover there are also some strange behaviors by Phabricator/Phorge like trying to continuously read the filesystem root (`/`). These filesystem access attempts should be avoided to avoid freaking out the systems engineer: {F61564, size=full} == How to do not forbid it? == In short `open_basedir` is a more than legitimate directive if one knows what he or she is doing. An example value may include: ``` /var/www/your/phorge/httpdocs:/usr:/bin:/tmp:/sbin ``` Before being able to use it, here some things that can be done: * [ ] Add a system option (e.g. `forbid-openbasedir`) with domain `true|false` (`true` as default) with description: //"If you want to add additional security with the PHP configuration "open_basedir" you need to set this configuration to false to skip setup checks but you need to know what you're doing."// * [ ] Update the `TODO` in `./src/applications/config/check/PhabricatorPHPPreflightSetupCheck.php` that says to introduce a system option, and read the above system option to eventually skip that fatal error. * [ ] Figure out why Phabricator continually tries to read `/`

== What is open_basedir? == The `open_basedir` keyword adds an extra safety net to whatever PHP application. It's good for you. https://www.php.net/manual/en/ini.core.php#ini.open-basedir == Why it's forbidden now? == At the moment Phabricator/Phorge detects `open_basedir` at runtime, __refusing to run__ if it is detected. Probably this limitation was quickly set in an attempt to reduce spam (e.g. bugs from people using on free shared hosting). Moreover there are also some strange behaviors by Phabricator/Phorge like trying to continuously read the filesystem root (`/`). These filesystem access attempts should be avoided to avoid freaking out the systems engineer. Example: > realpath(): open_basedir restriction in effect. File (/) is not within the allowed path(s): (/var/www/phabricator:/usr:/bin:/tmp:/sbin) == How to do not forbid it? == In short `open_basedir` is a more than legitimate directive if one knows what he or she is doing. An example value may include: ``` /var/www/your/phorge/httpdocs:/usr:/bin:/tmp:/sbin ``` Before being able to use it, here some things that can be done: * [ ] Add a system option (e.g. `forbid-openbasedir`) with domain `true|false` (`true` as default) with description: //"If you want to add additional security with the PHP configuration "open_basedir" you need to set this configuration to false to skip setup checks but you need to know what you're doing."// * [ ] Update the `TODO` in `./src/applications/config/check/PhabricatorPHPPreflightSetupCheck.php` that says to introduce a system option, and read the above system option to eventually skip that fatal error. * [ ] Figure out why Phabricator continually tries to read `/`

== What is open_basedir? == The `open_basedir` keyword adds an extra safety net to whatever PHP application. It's good for you. https://www.php.net/manual/en/ini.core.php#ini.open-basedir == Why it's forbidden now? == At the moment Phabricator/Phorge detects `open_basedir` at runtime, __refusing to run__ if it is detected. Probably this limitation was quickly set in an attempt to reduce spam (e.g. bugs from people using on free shared hosting). Moreover there are also some strange behaviors by Phabricator/Phorge like trying to continuously read the filesystem root (`/`). These filesystem access attempts should be avoided to avoid freaking out the systems engineer. Example: {F61564,> realpath(): open_basedir restriction in effect. size=full}File (/) is not within the allowed path(s): (/var/www/phabricator:/usr:/bin:/tmp:/sbin) == How to do not forbid it? == In short `open_basedir` is a more than legitimate directive if one knows what he or she is doing. An example value may include: ``` /var/www/your/phorge/httpdocs:/usr:/bin:/tmp:/sbin ``` Before being able to use it, here some things that can be done: * [ ] Add a system option (e.g. `forbid-openbasedir`) with domain `true|false` (`true` as default) with description: //"If you want to add additional security with the PHP configuration "open_basedir" you need to set this configuration to false to skip setup checks but you need to know what you're doing."// * [ ] Update the `TODO` in `./src/applications/config/check/PhabricatorPHPPreflightSetupCheck.php` that says to introduce a system option, and read the above system option to eventually skip that fatal error. * [ ] Figure out why Phabricator continually tries to read `/`