PHP restricted to document root, not file system root

Question

I'm trying to change a text file located inside the /etc/nginx directory via php. I'm using fopen() to do this, however, I cannot access any directory outside my websites root folder.

For example, I have my website stored in the absolute path: /webroot/mywebsite/ and if I attempt to read anything outside that folder, like /etc/nginx, fopen() dies.

• I have tried just using ../../etc/nginx but it cannot find it
• I have tried running PHP as root
• I have tried adding the user 'http' to the root group
• I have tried setting the open_basedir variable in php.ini
• I have tried symlinking the /etc folder to the /webroot folder, but it cannot find it
• I have checked my Nginx config and all php configs are not overriding open_basedir
• I have confirmed the php.ini I am editing does in fact change in phpinfo();
• I have NOT tried chmodding the root directory of my Arch install. I fear this will break something

When I echo out realpath("index.php") it returns "/webroot/mywebsite/index.php"

This is how I've been confirming if I have access to my root directory, but it has not changed. I have no idea what else I can try. My old Debian install let me just use the absolute path. This is my new Arch install and this is the first time I've experienced this. I suspect it may be a permission issue, but I do not want to mas modify my entire OS root. Any other suggestions? Thanks

Answer 1

Well. I'm very surprised I was not able to find this answer after literally 4 hours of googling but here it is. Hopefully I save someone the trouble.

The problem was located here: /lib/systemd/system/php-fpm.service

Find the line "ProtectSystem=full" and set it to "false". Ta-da, I now have access everywhere.