I have a web server (Debian, Nginx) with multiple sites written in PHP. For security reasons, I'm restricting each site with open_basedir by specifying it as fastcgi_param in the Nginx configuration:
location ~ \.php$ {
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PHP_VALUE "open_basedir=$document_root";
}
This does however complicate file uploads from frontend, as the default temporary directory (upload_tmp_dir) is outside the open_basedir. The optimal solution would be to add it as another fastcgi_param:
fastcgi_param PHP_VALUE "upload_tmp_dir=$document_root/wp-content/tmp";
This doesn't work, though, as it seems like upload_tmp_dir must be set in php.ini - which wouldn't work with my multiple sites.
How can I solve this and still maintain the open_basedir?