Nginx+php uses open

The following three settings require a PHP version of 5.3 or above. Method 1) Add fastcgi_param PHP_VALUE "open_basedir=$document_root:/tmp/:/proc/" in the Nginx configuration file. Usually the nginx site configuration file uses include fastcgi.conf;, so, add this line It is OK in fastcgi.conf. If a site needs to set up additional directories separately, write the above code in include fastcgi.conf; this line is OK, and the settings in fastcgi.conf will be overwritten. This type of setting needs to be effective after restarting nginx. Method 2) Add in php.ini: [HOST=www.45it.com] open_basedir=/home/www/www.45it.com:/tmp/:/proc/[PATH=/home/www/www.45it .com] open_basedir=/home/www/www.45it.com:/tmp/:/proc/This setting needs to be restarted after php-fpm is enabled. Method 3) Create .user.ini in the root directory of the website and write: open_basedir=/home/www/www.45it.com:/tmp/:/proc/This method does not need to restart the nginx or php-fpm service. For security reasons, the write permission of the .user.ini file should be removed. Detailed description of the .user.ini file: http://php.net/manual/zh/configuration.file.per-user.php Setting open_basedir is best to disable the function that executes the command, such as: shell_exec('ls /etc') Still check the file list in the /etc directory shell_exec('cat /etc/passwd'). You can still view the contents of the /etc/passwd file. The recommended functions are disabled as follows: disable_functions = pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority, eval, popen, passthru, exec, system, shell_exec, proc_open, proc_get_status, chroot, Chgrp, chown, ini_alter, ini_restore, dl, pfsockopen, openlog, syslog, readlink, symlink, popepassthru, stream_socket_server, fsocket, chdir