[PHP-DEV] Bug #14076 Updated: fopen() and touch() fail to create file under safe mode

[a . genkin]

ID: 14076
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: *Directory/Filesystem functions
Operating System: Linux
PHP Version: 4.0.6
New Comment:

Well, the fact that it can create a *new directory* in the same directory, already 
means that the apache process has sufficient permissions to also create a file in it.  
However, these are the permissions:

webedit@penguin:/var/www/tmp/submit$ ls -lad ./
drwxrwx---   18 webedit  www          4096 Nov 15 19:13 ./

Apache runs as user `www', and the scripts are owned by user `webedit'.  Note that the 
directory is owned by the same user as the script, and writeable to Apache, so the 
requirements of safe mode are met.
Thank you for your response.
-- 
Arcady Genkin

Previous Comments:
------------------------------------------------------------------------

[2001-11-19 12:37:01] [EMAIL PROTECTED]

Post please the
mod of your directory and tell me the
user and group of your apache. Maybe the apache dont have
rights to create a new file in your directory but he owns the newfile and can 
remove/edit this file.


------------------------------------------------------------------------

[2001-11-15 18:53:16] [EMAIL PROTECTED]

Under safe mode, fopen("filename", "w") fails to create a file if it doesn't exist, 
complaining about open_basedir restriction.  However, the filename refers to the file 
in the directory configured in the open_basedir.  Besides, if the same file is created 
manually, fopen() can open it for writing without  any problems.  The directory is 
writeable to the web server.

$dir = '/var/www/tmp/submit';

// Fails if the file doesn't exist.
// Succeeds if the file does exist
fopen( "$dir/file.txt", "w" ); // Fails if the file doesn't exist.
mkdir( "$dir/foo", 0700 ); // SUCCEEDS!!! Notice the same path.

------------------------------------------------------------------------



Edit this bug report at http://bugs.php.net/?id=14076&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]