PHP-FPM chroot with chdir
Solution 1:
Have you actually prepared a proper chroot for PHP?
Simply setting an arbitrary directory is not enough - you actually need to build the chroot and ensure it includes all necessary libraries, devices and binaries.
Otherwise, basic things like DNS resolution will fail to work and you'll get random errors, hangs or app segfaults. It sounds like you are mistaking the simplicity of open_basedir
with that of a chroot.
As a start, this script, once customized, should give you a basis for a chroot.
http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/make_chroot_jail.sh
But realistically, if you don't have much experience with chroots ...
- It may not be any more secure than normal if incorrectly set up
- It may be far more insecure than normal and could allow root escalation if incorrectly set up
- You could end up with random issues, that will plague your application over time all caused by a badly built chroot
I would guess security is your goal, but you're very likely to end up with the exact opposite.
Solution 2:
Got help from phpfreaks IRC last night. It was an issue on the Apache side that I needed it to send the "/www" to PHP-FPM.