Skip to content

howto - php composer - File(/etc/pki/tls/certs) is not within the allowed path(s) - on arch linux

Since a few days (or weeks?), I discovered the following issue on one of my Arch Linux system.
Whenever I try to use PHP's composer, I got the following issue:


[ErrorException]
is_dir(): open_basedir restriction in effect. File(/etc/pki/tls/certs) is not within the allowed path(s): (/srv/http/ [...]

Well, it didn't hurt that much since I am using (like every cool webkiddy is doing) docker or vagrant for my development. But this time, I needed to solve it since it is a customer edge case - so I solved it.
The how to I will show you is not the perfect way. I had two things in mind, try to minimize the place I have to adapt the php.ini. And try to keep the system as normal as possible. Until now, I can not estimate the security holes I opened with this setting. I will let you know if this how to turns out to be a "don't try this at home" thing.

So, what have I done?
First of all, I asked curl to tell me where it is looking for certificates by executing:


curl-config --ca

output: /etc/ssl/certs/ca-certificates.crt


After that I had a look what this path is:

ls -halt /etc/ssl/certs/ca-certificates.crt

output: [...] /etc/ssl/certs/ca-certificates.crt -> ../../ca-certificates/extracted/tls-ca-bundle.pem


So, with that knowledge it turned out that the following steps are reflecting my requirements mention above.

sudo mkdir -p /etc/pki/tls/certs
sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-certificates.crt
sudo vi /etc/php/php.ini

add following lines to "open_basedir" configuration section

:/etc/pki/tls/certs:/etc/ssl/certs


And that is it, composer should now be back in business.

Translate to de es fr it pt ja

Trackbacks

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

The author does not allow comments to this entry

Add Comment

Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.
To leave a comment you must approve it via e-mail, which will be sent to your address after submission.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Markdown format allowed
Form options