Problems after defining open_basedir

Crafter · March 6, 2021, 7:07pm

Hello together,
I just installed the Plugin PhpSecInfo and in the the security overview I got the advice to set an open_basedir, so I defined the matomo installation directory on my server as open_basedir in the root .htaccess of my matomo installation:

php_value open_basedir "/is/htdocs/user/www/matomo/"

But now I get the following errors in the security check:
Core
upload_tmp_dir: unable to retrieve file permissions on upload_tmp_dir
Session
save_path: unable to retrieve file permissions on save_path

What is the problem and how can I fix it?

Lukas · March 7, 2021, 7:45pm

Hi,

Keep in mind that the PhpSecInfo library has not been updated since around 2009 and therefore I would keep its recommendations with a grain of salt:

The errors are also not security errors, but rather errors that the tests can’t run.

Crafter · March 7, 2021, 7:45pm

Thanks, that makes me really wondering because it was recommended in matomos guide.
Though I found a way to fix the erros. While districting the php scripts access with the “open_basedir” flag to the matomo directory only, the scripts didn’t had access to the upload tmp dir and save path anymore. So with “sys_get_temp_dir()” I was determining the temporary directory of my server and also add it to the open_basedir.