toad
December 16, 2020, 9:26am
1
Hi,
I’m running nextcloud 20.0.4 on a stable debian with php7.3 and apache 2.4.
When I add open_basedir = /dev/urandom to /etc/php/7.3/apaches2/php.ini and restart apache my browser stays blank whenever I enter my nextcloud url. Unfortunately nextcloud.log stays empty. Apache’s error log says:
[mpm_prefork:notice] [pid 645] AH00173: SIGHUP received. Attempting to restart
[mpm_prefork:notice] [pid 16441] AH00163: Apache/2.4.38 (Debian) mod_fcgid/2.3.9 OpenSSL/1.1.1d configured – resuming normal operation
Any pointers as to what might be the problem here are much appreciated!
j-ed
December 16, 2020, 9:41am
2
What do you expect to achieve by adding “open_basedir = /dev/urandom
”? Afaik this is an invalid definition so that I’m personally not surprised that your server runs into an error condition.
toad
December 16, 2020, 9:43am
3
I was following the nextcloud server hardening guideline. They explicitly state that it should be done …
j-ed
December 16, 2020, 10:05am
4
Afaik, the guide doesn’t recommend to “set ”" the parameter as you set, but to “include ”" /dev/urandom in your configuration.
Please read the description of the open_basedir parameter in the PHP documentation to understand its purpose and how it should be set.
Here you will find information related to the urandom usage:
http://php.net/session.entropy-file
toad
December 16, 2020, 10:16am
5
Cheers j-ed!
I didn’t know how to include more than one directory. A colon works as in:
open_basedir = /var/www/nextcloud/:/dev/urandom
Edited to reflect j-ed’s last comment.
j-ed
December 16, 2020, 10:31am
6
BTW, /dev/urandom
is a random number device and NOT a directory, so that the trailing slash might not be correct