PHP-FPM and including files outside document root

MarkPW

Member
Jun 8, 2003
16
0
151
I'm trying to include files via a PHP script from another user/public_html directory on my server, but PHP-FPM throws a "permission denied" error when I attempt it. I realise this has been asked here previously and is a security risk, but no solution was given and I'm willing to take the risk.

I've attempted the following:

Running Apache 2.4.34 & PHP 5.6.38
In /etc/apache2/conf.d/userdata/std/2_4/me/mydomain.com/custom.conf:

Code:
Alias "/get" "/home/otheruser/public_html/get"
<Directory "/home/me/public_html/get">

    <IfModule proxy_fcgi_module>
        <Files \.(php[0-9]*)$)>       
	SetHandler proxy:unix:/opt/cpanel/ea-php56/root/usr/var/run/php-fpm/{string from httpd.conf}.sock|fcgi://otheruser.com
        </Files>
    </IfModule>
</Directory>
Then...

Code:
/scripts/ensure_vhost_includes --user=me && /usr/local/cpanel/scripts/rebuildhttpdconf && /usr/local/cpanel/scripts/restartsrv_httpd
Static files work as expected as it bypasses the proxy, but I'm getting a 404 not found response and fpm error log gives me:

Code:
AH01071: Got error 'Primary script unknown\n'
Not sure it makes a difference but the "me" account from where I execute the script is a dedicated IP and I am utilising this address currently rather than a domain name.

Any advice would be appreciated.
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Hi,

In the Apache configuration, there are 2 settings, FollowSymLinks and SymLinksIfOwnerMatch. Can you check if first setting is enabled? and check if symlink protection is enabled or disabled.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @MarkPW


This is a huge security risk and completely inadvisable. The configuration you're requesting is not something supported by cPanel and should you want to pursue implementing this I would suggest enlisting the assistance of a system administrator. If you don't have one you might find one here: System Administration Services | cPanel Forums.

Thank you.