Re: [PHP] php safe mode no more?
What I've noticed running apache suexec + fastcgi is that the memory requirements increased over running nonsuexec and mod_php under apache. when i went to a nginx + fastcgi, things worked much better overall with limited memory (i'm on 1GB limited slice, non-burstable). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php safe mode no more?
tamouse mailing lists wrote: What I've noticed running apache suexec + fastcgi is that the memory requirements increased over running nonsuexec and mod_php under apache. when i went to a nginx + fastcgi, things worked much better overall with limited memory (i'm on 1GB limited slice, non-burstable). Funny you should mention nginx ... that one is on my todo list as well ... -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php safe mode no more?
Am 04.08.12 11:51, schrieb Lester Caine: tamouse mailing lists wrote: What I've noticed running apache suexec + fastcgi is that the memory requirements increased over running nonsuexec and mod_php under apache. when i went to a nginx + fastcgi, things worked much better overall with limited memory (i'm on 1GB limited slice, non-burstable). Funny you should mention nginx ... that one is on my todo list as well ... I can definetly recommend that one. I tested nginx + php-fpm against apache2 + mod_php. Since then every server setup for PHP appliactions is done with nginx + php-fpm. It is faster and uses less memory. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz signature.asc Description: OpenPGP digital signature
Re: [PHP] php safe mode no more?
D. Dante Lorenso wrote: The school I work with wants to set up PHP and MySQL hosting for about 10,000 students. I suspect that if you have a lot of students active at once you will need a few machines to support this. I'd certainly recommend a separate machine running the database and not MySQL but that is my own pet hate ;) - postgres would be preferable if only to get new users trained in a better standard. I run firebird database servers myself. Apache can be configured to provide individual logins, and it's ring fencing their data areas that is the important bit, but you will need a lot of storage space for 1 users. I see that in 5.4, PHP safe-mode is being removed. How is it supposed to be done if not safe-mode? It was the wrong solution to the problem. But as with much that is happening on PHP today, killing things off is being actioned without any real documented support as to how to replace it. Not their problem is the usual response when we ask how something should be done like this :( Are all the hosting providers using suExec and running PHP as CGI or FastCGI? If I'm trying to do this the right way, what way is that? Anyone got link or pointers on what I need to learn? Another one is suphp but that seems to have stalled? Having been scuppered recently because SUSE seems to have lost it's way as well, I've just started a setup using Debian so I can get the latest Apache and PHP, and one link that poped up which looks useful is http://x10hosting.com/forums/vps-tutorials/148894-debian-apache-2-2-fastcgi-php-5-suexec-easy-way.html . I have always used the apache php module, so was looking to give CGI a try as a comparison, but I don't have any need for the cross user security myself. My users just access their material at the PHP level, securely stored in their own databases :) -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php safe mode no more?
The school I work with wants to set up PHP and MySQL hosting for about 10,000 students. I see that in 5.4, PHP safe-mode is being removed. How is it supposed to be done if not safe-mode? Are all the hosting providers using suExec and running PHP as CGI or FastCGI? If I'm trying to do this the right way, what way is that? Anyone got link or pointers on what I need to learn? -- Dante -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe mode story
On May 11, 2008, at 12:06 AM, admin wrote: [snip!] Safe mode has _got_ to be there for some good reason. Read on about PHP6 http://www.ibm.com/developerworks/opensource/library/os-php-future/?ca=dgr-lnxw01PHP-Future Scroll down to where the title is Things removed - notice that 'safe_mode' is listed. It may have been put in originally for a good reason, but since then deprecated. HTH, ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Safe mode story
You could try having apache run as the UID of the user. With a few modifications to apache site config and you should be golden! HTH, Wolf -Original Message- From: admin [EMAIL PROTECTED] Sent: Sunday, May 11, 2008 1:06 AM To: php-general@lists.php.net Subject: [PHP] Safe mode story Hi all, I'm running a Plesk 8.3 mass hosting server equipped with PHP 5.1.6 on CentOS 5, and I'm facing the problem of PHP Safe mode barfing at the UID mismatch of PHP scripts uploaded by user's FTP UID, and later executed by Apache UID, where user's PHP scripts thusly uploaded attempt to write any files while doing their job. Is there an educated solution? What if I relax safe mode checks to gid (safe_mode_gid=On), and given that GID is psacln for every Plesk-hosted customer, with only UIDs being different, is there any risk that folks operating on their own chmod 660 files will be able to overwrite other people's chmod 660 files? Or will open_basedir be enough to prevent unwanted PHP level file access while relaxing safe mode uid check at the same time? (by default, it is properly set by Plesk in %mysite%/conf/httpd.include) ? BTW, safe_mode_exec_dir is empty by default, does it mean if I do set safe_mode_gid then users will be able to exec other Plesk users' cgi-bin scripts etc. because of GIDs being equal?? Safe mode has _got_ to be there for some good reason. Thanks in advance for any tips. -- [The entire original message is not included] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe mode story
Hi all, I'm running a Plesk 8.3 mass hosting server equipped with PHP 5.1.6 on CentOS 5, and I'm facing the problem of PHP Safe mode barfing at the UID mismatch of PHP scripts uploaded by user's FTP UID, and later executed by Apache UID, where user's PHP scripts thusly uploaded attempt to write any files while doing their job. Is there an educated solution? What if I relax safe mode checks to gid (safe_mode_gid=On), and given that GID is psacln for every Plesk-hosted customer, with only UIDs being different, is there any risk that folks operating on their own chmod 660 files will be able to overwrite other people's chmod 660 files? Or will open_basedir be enough to prevent unwanted PHP level file access while relaxing safe mode uid check at the same time? (by default, it is properly set by Plesk in %mysite%/conf/httpd.include) ? BTW, safe_mode_exec_dir is empty by default, does it mean if I do set safe_mode_gid then users will be able to exec other Plesk users' cgi-bin scripts etc. because of GIDs being equal?? Safe mode has _got_ to be there for some good reason. Thanks in advance for any tips. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode question
Your php.ini should have root as its owner and be set to 600, if your using apache server then apache must start as root, the php.ini file is read only once by root when the server starts - so that setting should not cause problems, however if using the cli then you should also make /etc/php.ini readable by all other users (permissions 644). Not sure why the suse folks would put both --enable-cli and --disable-cli but i notice they also have --with-pear and --without-pear, which takes precedence im not completely sure but would think the last one would so you probably have pear and the cli installed despite the --disable and --without lines, if i remember correctly the cli is required to use pear so --disable-cli would force --without-pear, i would suggest you compile your own version. ~James (Robin) wrote: Doh - I figured it out (for those who were interested). The permissions on /etc/php.ini was set to 600 (owner == root). Changing this it other read, fixes the issue. Any idea why Suse would do this? Thanks -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode question
Hi: I am running PHP 4.3.10 (cli) (built: Dec 11 2005 17:38:29) on SuSe 9.3 - and am having some problems getting some scripts running. php was compiled (by Suse) with: Configure Command = './configure' '--prefix=/usr' '--datadir=/usr/share/php' '--mandir=/usr/share/man' '--bindir=/usr/bin' '--libdir=/usr/share' '--includedir=/usr/include' '--sysconfdir=/etc' '--with-_lib=lib' '--with-config-file-path=/etc' '--with-exec-dir=/usr/lib/php/bin' '--disable-debug' '--enable-inline-optimization' '--enable-memory-limit' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sigchild' '--disable-ctype' '--disable-session' '--without-mysql' '--disable-cli' '--without-pear' '--with-openssl' '--enable-force-cgi-redirect' '--enable-discard-path' '--enable-cli' '--with-pear' 'i586-suse-linux' (unrelated question - why have --enable-cli and --disable-cli?) And I have safe mode off in php.ini, safe_mode = Off which is verified by a phpinfo(); safe_mode = Off = Off However, the script should run from a cvs commit (the CVSROOT/logginfo # BEGIN added by gforge-plugin-cvstracker ALL ( php -q -d include_path=.:/opt/gforge/gforge:/opt/gforge/gforge/www/include:/etc/gforge /opt/gforge/gforge/plugins//cvstracker/bin/post.php %r %p %{sVv} ) # END added by gforge-plugin-cvstracker And in /opt/gforge/gforge/plugins//cvstracker/bin/post.php, the code: echo safemode ; echo ini_get('safe_mode'); Displays : safemode 1 I have tried the same thing from the command line, and the only way I can make it the same, is to add the -n flag. Any thoughts or pointers? Thanks -Robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode question
Doh - I figured it out (for those who were interested). The permissions on /etc/php.ini was set to 600 (owner == root). Changing this it other read, fixes the issue. Any idea why Suse would do this? Thanks -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] safe mode
-Original Message- From: Bostjan Skufca @ domenca.com [mailto:[EMAIL PROTECTED] Sent: Thursday, July 28, 2005 1:38 PM I would *never* host anything on a server with safe_mode on! What are your reasons for this decision? I correted it in a mail 5 minutes after. With safe_mode off this is possible System(cat /home/Bostjan/include/db_setup.inc); From any php script and any user. One should be protected by safe_mode_gid and safe_mode_include_dir, but I´ve seen several examples of hosting setups that allows complete access to another users directory. With safe_mode on I´M more safe and so are my customers ;-) -- Med venlig hilsen / best regards ComX Networks A/S Kim Madsen Systemudvikler/Systemdeveloper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe mode subdirectory workaround patch
Hi everyone, I created a patch which enables subdirectories to be created and used even if PHP is running with safe mode enabled (common problem on shared hosts where Apache/PHP runs as user 'nobody' or 'www'). Patch can be found here: http://www.lenivec.com/php/patches/ Comments are welcome! Best regards, Bostjan
Re: [PHP] Safe mode subdirectory workaround patch
Bostjan Skufca wrote: Hi everyone, I created a patch which enables subdirectories to be created and used even if PHP is running with safe mode enabled (common problem on shared hosts where Apache/PHP runs as user 'nobody' or 'www'). Patch can be found here: http://www.lenivec.com/php/patches/ Comments are welcome! Not to dismiss the work you've put into this, but how does a user in a shared hosting enviroment apply this patch and re-compile php? -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] safe mode
-Original Message- From: Ryan A [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 6:29 PM I presently require hosting with a company that has their servers in Sweden, and I need a shared hosting account, any recommendations are welcome, the server is for a client. I have found quire a few via google but I noticed most of them are with Safemode ON and Register_globals ON which I find to be quite strange because I have always hosted on a regular server with safe mode off, register_ globals does not really metter, as if it was off I didnt do anything but if it was on I used a htaccess file to put the b**ch off :-) I have done a little reading on Safe Mode, but I'm looking for _your_ experiences with safe mode and the problems you have faced or/and any warnings for me. Will continue to read and search via google while i wait for your answer/s. I would *never* host anything on a server with safe_mode on! System(cat /home/USER/include/db_setup.inc); -- Med venlig hilsen / best regards ComX Networks A/S Kim Madsen Systemudvikler/Systemdeveloper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] safe mode
Ahem! -Original Message- From: Kim Madsen [mailto:[EMAIL PROTECTED] Sent: Thursday, July 28, 2005 12:01 PM I would *never* host anything on a server with safe_mode on! s/safe_mode on/safe_mode off/ /Kim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] safe mode
Hey Kim, I would *never* host anything on a server with safe_mode on! Just 1 day late :-( just bought hosting for a year with b-one.se :-( Whats the main reasons you would never host with safe mode on? and whats this: s/safe_mode on/safe_mode off/ ?? Thanks, Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode
-Original Message- From: Kim Madsen [mailto:[EMAIL PROTECTED] Sent: Thursday, July 28, 2005 12:01 PM I would *never* host anything on a server with safe_mode on! What are your reasons for this decision? regards, Bostjan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode
Hey! I presently require hosting with a company that has their servers in Sweden, and I need a shared hosting account, any recommendations are welcome, the server is for a client. I have found quire a few via google but I noticed most of them are with Safemode ON and Register_globals ON which I find to be quite strange because I have always hosted on a regular server with safe mode off, register_ globals does not really metter, as if it was off I didnt do anything but if it was on I used a htaccess file to put the b**ch off :-) I have done a little reading on Safe Mode, but I'm looking for _your_ experiences with safe mode and the problems you have faced or/and any warnings for me. Will continue to read and search via google while i wait for your answer/s. OT-Another difference I have noticed with Swedish hosts and American hosts is...more than 50% of the hosts here are offering _no_ limit to traffic!! (As long as you are not offering music, movies,porn or torrent trackers on the site) Thanks, Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SAFE MODE Restriction - mkdir()
To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm On 25 November 2004 00:47, SED wrote: Then, shouldn't the owner be able to handle the new directory? In my case, the owner creates the directory X but can't create a subdirectory inside the directory X! nor save a file into it! Can you explain that? Is the PHP not always running as the same user? Or is it base on type of the function? It works like this: (1) Script (owned by you) attempts to access original directory (owned by you, presumably) -- ok. (2) Script (owned by you, but running as Apache user) creates new subdirectory (set to be owned by user *running* the script, i.e. Apache user). (3) Script (owned by you) attempts to access new subdirectory (owned by Apache user) -- denied. So, yes, you can create a directory which it is then impossible to access -- this is an unfortunate side-effect of safe mode when PHP runs as an Apache module and hence as the Apache user. This is why hosted services often use chrooted jails with PHP as a CGI -- the individual copies of PHP then run with the appropriate uids of the host usernames. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Headingley Campus, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SAFE MODE Restriction - mkdir()
SED wrote: It just seems not making sence. I have read the manual and it does not explain this specially. If the user owns this folder: www\myfolders And runs a PHP-script in safe mode that creates the folder www\myfolders\who. Who owns the who folder? If the webserver is run under user nobody, then who folder is owned by user nobody. Only root can change owners so there's no way around it. I assume the owner. If so, why can't the PHP-script create another folder inside like www\myfolders\who\this like before? Webserver running under user nobody reads in your script owned by you. PHP has safe mode on, so everytime it creates a file or directory it checks if the owner of the parent directory is the same as the owner of the php script being executed. If it's not, it issues an SAFE MODE Restriction in effect error. If the user of the php process (UID) is the owner of the new folder, why can't it create a folder inside its own folder? Is it because it's triggered by a user different from the user of the PHP process? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SAFE MODE Restriction - mkdir()
This answer from Mike solved this (e.g. create a CGI process for this task): [...] So, yes, you can create a directory which it is then impossible to access -- this is an unfortunate side-effect of safe mode when PHP runs as an Apache module and hence as the Apache user. This is why hosted services often use chrooted jails with PHP as a CGI -- the individual copies of PHP then run with the appropriate uids of the host usernames. [...] Regards, Summi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SAFE MODE Restriction - mkdir()
Hi, I have very wierd situation. The ISP is running in SAFE MODE. I use PHP to create a directory with mkdir(something, 0777), it works great! However, if I try to create a sub-directory (e.g. something2) in the something directory, I get the following: Warning: SAFE MODE Restriction in effect. The script whose uid is 3703 is not allowed to access something owned by uid 508 in /www/login/filer.php on line 287 However, if I check the chmod of something directory it's 777. Why can't I use PHP-uid to do create or upload files to this something directory, which PHP-uid itself created? Regards, Summi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SAFE MODE Restriction - mkdir()
SED wrote: Hi, I have very wierd situation. The ISP is running in SAFE MODE. I use PHP to create a directory with mkdir(something, 0777), it works great! However, if I try to create a sub-directory (e.g. something2) in the something directory, I get the following: Warning: SAFE MODE Restriction in effect. The script whose uid is 3703 is not allowed to access something owned by uid 508 in /www/login/filer.php on line 287 However, if I check the chmod of something directory it's 777. Why can't I use PHP-uid to do create or upload files to this something directory, which PHP-uid itself created? Because SAFE MODE is on :-) It's all in the manual. something is created by the server process so it's also owned by server process. The script is owned by you and can access only directories and files owned by you. You can try to change the group (chgrp()) if safe_mode_gid is on, or use ftp functions to create the directories. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SAFE MODE Restriction - mkdir()
Then, shouldn't the owner be able to handle the new directory? In my case, the owner creates the directory X but can't create a subdirectory inside the directory X! nor save a file into it! Can you explain that? Is the PHP not always running as the same user? Or is it base on type of the function? Regards, Summi -Original Message- From: Marek Kilimajer [mailto:[EMAIL PROTECTED] Sent: 25. nóvember 2004 00:05 To: SED Cc: [EMAIL PROTECTED] Subject: Re: [PHP] SAFE MODE Restriction - mkdir() SED wrote: Hi, I have very wierd situation. The ISP is running in SAFE MODE. I use PHP to create a directory with mkdir(something, 0777), it works great! However, if I try to create a sub-directory (e.g. something2) in the something directory, I get the following: Warning: SAFE MODE Restriction in effect. The script whose uid is 3703 is not allowed to access something owned by uid 508 in /www/login/filer.php on line 287 However, if I check the chmod of something directory it's 777. Why can't I use PHP-uid to do create or upload files to this something directory, which PHP-uid itself created? Because SAFE MODE is on :-) It's all in the manual. something is created by the server process so it's also owned by server process. The script is owned by you and can access only directories and files owned by you. You can try to change the group (chgrp()) if safe_mode_gid is on, or use ftp functions to create the directories. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SAFE MODE Restriction - mkdir()
SED wrote: Then, shouldn't the owner be able to handle the new directory? In my case, the owner creates the directory X but can't create a subdirectory inside the directory X! nor save a file into it! Can you explain that? Is the PHP not always running as the same user? Or is it base on type of the function? Once again: the user of the php process is different from the owner of the php script. And this is what matters. The limitation is not at operating system level, but php willingly chooses not to let you create the subdirectory (because safe mode is on) Regards, Summi -Original Message- From: Marek Kilimajer [mailto:[EMAIL PROTECTED] Sent: 25. nóvember 2004 00:05 To: SED Cc: [EMAIL PROTECTED] Subject: Re: [PHP] SAFE MODE Restriction - mkdir() SED wrote: Hi, I have very wierd situation. The ISP is running in SAFE MODE. I use PHP to create a directory with mkdir(something, 0777), it works great! However, if I try to create a sub-directory (e.g. something2) in the something directory, I get the following: Warning: SAFE MODE Restriction in effect. The script whose uid is 3703 is not allowed to access something owned by uid 508 in /www/login/filer.php on line 287 However, if I check the chmod of something directory it's 777. Why can't I use PHP-uid to do create or upload files to this something directory, which PHP-uid itself created? Because SAFE MODE is on :-) It's all in the manual. something is created by the server process so it's also owned by server process. The script is owned by you and can access only directories and files owned by you. You can try to change the group (chgrp()) if safe_mode_gid is on, or use ftp functions to create the directories. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SAFE MODE Restriction - mkdir()
It just seems not making sence. I have read the manual and it does not explain this specially. If the user owns this folder: www\myfolders And runs a PHP-script in safe mode that creates the folder www\myfolders\who. Who owns the who folder? I assume the owner. If so, why can't the PHP-script create another folder inside like www\myfolders\who\this like before? If the user of the php process (UID) is the owner of the new folder, why can't it create a folder inside its own folder? Is it because it's triggered by a user different from the user of the PHP process? Regards, Summi -Original Message- From: Marek Kilimajer [mailto:[EMAIL PROTECTED] Sent: 25. nóvember 2004 01:13 To: SED Cc: [EMAIL PROTECTED] Subject: Re: [PHP] SAFE MODE Restriction - mkdir() SED wrote: Then, shouldn't the owner be able to handle the new directory? In my case, the owner creates the directory X but can't create a subdirectory inside the directory X! nor save a file into it! Can you explain that? Is the PHP not always running as the same user? Or is it base on type of the function? Once again: the user of the php process is different from the owner of the php script. And this is what matters. The limitation is not at operating system level, but php willingly chooses not to let you create the subdirectory (because safe mode is on) Regards, Summi -Original Message- From: Marek Kilimajer [mailto:[EMAIL PROTECTED] Sent: 25. nóvember 2004 00:05 To: SED Cc: [EMAIL PROTECTED] Subject: Re: [PHP] SAFE MODE Restriction - mkdir() SED wrote: Hi, I have very wierd situation. The ISP is running in SAFE MODE. I use PHP to create a directory with mkdir(something, 0777), it works great! However, if I try to create a sub-directory (e.g. something2) in the something directory, I get the following: Warning: SAFE MODE Restriction in effect. The script whose uid is 3703 is not allowed to access something owned by uid 508 in /www/login/filer.php on line 287 However, if I check the chmod of something directory it's 777. Why can't I use PHP-uid to do create or upload files to this something directory, which PHP-uid itself created? Because SAFE MODE is on :-) It's all in the manual. something is created by the server process so it's also owned by server process. The script is owned by you and can access only directories and files owned by you. You can try to change the group (chgrp()) if safe_mode_gid is on, or use ftp functions to create the directories. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SAFE MODE Restriction - mkdir()
Hi sed, which version of PHP you using? may not be just Safe Mode. is it the script working well before the safe mode is on? yours, Michael -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SAFE MODE Restriction - mkdir()
The PHP Version is 4.2.3 on Apache/1.3.27. I'm not the admin on this server. However, I have done this often on other servers, both in safe mode and not, with good success. This is the first time I try this on this server. The ISP-admin is also trying to solve this but with not luck at this time. Regards, Summi -Original Message- From: Michael Leung [mailto:[EMAIL PROTECTED] Sent: 25. nóvember 2004 03:21 To: SED Cc: [EMAIL PROTECTED] Subject: Re: [PHP] SAFE MODE Restriction - mkdir() Hi sed, which version of PHP you using? may not be just Safe Mode. is it the script working well before the safe mode is on? yours, Michael -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SAFE MODE Restriction - mkdir()
Hi, I have faced the same problem after the upgrade my server from php 4.2.2 to php 5.0.2. I tested mkdir() in both in safe_mode on and off. I have posted this to php-bug. yours, Michael -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe mode imagecreatefromjpeg
Paulo JF Silva wrote: Hi, I have PHP 4.3.5 and safe mode on. When I create a new image with imagecreatefromjpeg(), the image owner is 'httpd' and not my ftp user. [this is in a shared host]. I would like to know if there is any way to create the image with my user... I can workaround mkdir stuff with ftp access but i can't figure out a workaround this 'problem' caused by safe mode. It's a little tricky. You need to catch imagecreatefromjpeg() output using output buffering, then open a temporary file, write the output there, rewind(), and ftp_fput(). Haven't tried it, but should work. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe mode imagecreatefromjpeg
* Thus wrote Paulo JF Silva: Hi, I have PHP 4.3.5 and safe mode on. When I create a new image with imagecreatefromjpeg(), the image owner is 'httpd' and not my ftp user. [this is in a shared host]. I would like to know if there is any way to create the image with my user... I can workaround mkdir stuff with ftp access but i can't figure out a workaround this 'problem' caused by safe mode. You'll have to request to the hosting company to make it possible that your ftp user can have 'rwx' permissions to the files that the webserver creates. The security implications will have to be up to them. Curt -- The above comments may offend you. flame at will. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe mode imagecreatefromjpeg
Hi, I have PHP 4.3.5 and safe mode on. When I create a new image with imagecreatefromjpeg(), the image owner is 'httpd' and not my ftp user. [this is in a shared host]. I would like to know if there is any way to create the image with my user... I can workaround mkdir stuff with ftp access but i can't figure out a workaround this 'problem' caused by safe mode. Any sugestion? TIA, Paulo JF Silva -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode?
Hello all... I finally have an upload script partly working but am not running into this problem. I have this code which executes when the user visits the image upload page: snip if (!file_exists(../images/property_$id)){ mkdir(../images/property_$id, 0700);} $upload_dir = ../images/property_$id; /snip When the user executes the script, it returns and runs this code: snip if($_FILES['file']['name'][$i]) { $file_to_upload = $upload_dir./.$_FILES['file']['name'][$i]; $thisName=$_FILES['file']['name'][$i]; move_uploaded_file($_FILES['file']['tmp_name'][$i],$file_to_upload); } /snip And I get these errors:: Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The script whose uid is 1044 is not allowed to access /images/property_128873 owned by uid 1002 in /imageupload.inc.php on line 39 then a bunch of other related errors. I have tried to using 0777 also. How can I get around SAFE MODE as I can't easily change the ini file as it is on my hosts server. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode?
blackwater dev wrote: Hello all... I finally have an upload script partly working but am not running into this problem. I have this code which executes when the user visits the image upload page: snip if (!file_exists(../images/property_$id)){ mkdir(../images/property_$id, 0700);} $upload_dir = ../images/property_$id; /snip When the user executes the script, it returns and runs this code: snip if($_FILES['file']['name'][$i]) { $file_to_upload = $upload_dir./.$_FILES['file']['name'][$i]; $thisName=$_FILES['file']['name'][$i]; move_uploaded_file($_FILES['file']['tmp_name'][$i],$file_to_upload); } /snip And I get these errors:: Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The script whose uid is 1044 is not allowed to access /images/property_128873 owned by uid 1002 in /imageupload.inc.php on line 39 then a bunch of other related errors. I have tried to using 0777 also. How can I get around SAFE MODE as I can't easily change the ini file as it is on my hosts server. Thanks! Use ftp function to create the upload directory. Login as userid 1044, create the directory, change it's permission, and you are done -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode?
so do this each time? I need a routine that will dynamically create a folder, then use that folder to upload images. This problem doesn't exists just on one directory but on all directories dynamically created. Thanks! On Wed, 29 Sep 2004 21:48:05 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: blackwater dev wrote: Hello all... I finally have an upload script partly working but am not running into this problem. I have this code which executes when the user visits the image upload page: snip if (!file_exists(../images/property_$id)){ mkdir(../images/property_$id, 0700);} $upload_dir = ../images/property_$id; /snip When the user executes the script, it returns and runs this code: snip if($_FILES['file']['name'][$i]) { $file_to_upload = $upload_dir./.$_FILES['file']['name'][$i]; $thisName=$_FILES['file']['name'][$i]; move_uploaded_file($_FILES['file']['tmp_name'][$i],$file_to_upload); } /snip And I get these errors:: Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The script whose uid is 1044 is not allowed to access /images/property_128873 owned by uid 1002 in /imageupload.inc.php on line 39 then a bunch of other related errors. I have tried to using 0777 also. How can I get around SAFE MODE as I can't easily change the ini file as it is on my hosts server. Thanks! Use ftp function to create the upload directory. Login as userid 1044, create the directory, change it's permission, and you are done -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode?
blackwater dev wrote: so do this each time? I need a routine that will dynamically create a folder, then use that folder to upload images. This problem doesn't exists just on one directory but on all directories dynamically created. I mean PHP ftp functions. http://www.php.net/ftp Thanks! On Wed, 29 Sep 2004 21:48:05 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: blackwater dev wrote: Hello all... I finally have an upload script partly working but am not running into this problem. I have this code which executes when the user visits the image upload page: snip if (!file_exists(../images/property_$id)){ mkdir(../images/property_$id, 0700);} $upload_dir = ../images/property_$id; /snip When the user executes the script, it returns and runs this code: snip if($_FILES['file']['name'][$i]) { $file_to_upload = $upload_dir./.$_FILES['file']['name'][$i]; $thisName=$_FILES['file']['name'][$i]; move_uploaded_file($_FILES['file']['tmp_name'][$i],$file_to_upload); } /snip And I get these errors:: Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The script whose uid is 1044 is not allowed to access /images/property_128873 owned by uid 1002 in /imageupload.inc.php on line 39 then a bunch of other related errors. I have tried to using 0777 also. How can I get around SAFE MODE as I can't easily change the ini file as it is on my hosts server. Thanks! Use ftp function to create the upload directory. Login as userid 1044, create the directory, change it's permission, and you are done -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
Ok. How about set the safe_mode_exec_dir to /dev/null then ? On Wed, 30 Jun 2004 21:55:17 -0700, Justin Patrin [EMAIL PROTECTED] wrote: YES. You need to set the safe_mode_exec_dir path to be some path without binaries. Such as: /etc, although that's a bad example. Make a directory with only root write access and point that config option to it. On Wed, 30 Jun 2004 22:31:27 -0400, robert mena [EMAIL PROTECTED] wrote: Marek, Justin, am I doing something wrong with the setup because I saw the logs and a redeye.php was used to system(perl -) and was not supposed to. On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: Justin Patrin wrote --- napísal:: On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir. Actualy you have to if you want to use any of the exec functions: !DSPAM:40e37582309468563245817! -- paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
That *may* not work as it's a file, not a folder. You're welcome to try, though. :-) On Fri, 2 Jul 2004 14:19:25 -0400, robert mena [EMAIL PROTECTED] wrote: Ok. How about set the safe_mode_exec_dir to /dev/null then ? On Wed, 30 Jun 2004 21:55:17 -0700, Justin Patrin [EMAIL PROTECTED] wrote: YES. You need to set the safe_mode_exec_dir path to be some path without binaries. Such as: /etc, although that's a bad example. Make a directory with only root write access and point that config option to it. On Wed, 30 Jun 2004 22:31:27 -0400, robert mena [EMAIL PROTECTED] wrote: Marek, Justin, am I doing something wrong with the setup because I saw the logs and a redeye.php was used to system(perl -) and was not supposed to. On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: Justin Patrin wrote --- napísal:: On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir. Actualy you have to if you want to use any of the exec functions: -- paperCrane --Justin Patrin-- !DSPAM:40e5a54342181346017871! -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
Ok. It did not worked. I had to create an empy dir. Well, one problem. Since I have users with ftp access and they host php scripts that handle file uploads. The files are created with apache.apache and are usually moved to the user's directory using move_uploaded_file. Since the owner/gorup of the script would be foo.ftponly this would fail due to uid differences. How do I solve this ? Change the user's group from ftponly to apache and use the safe_mode_gid on ? - rt On Fri, 2 Jul 2004 11:28:39 -0700, Justin Patrin [EMAIL PROTECTED] wrote: That *may* not work as it's a file, not a folder. You're welcome to try, though. :-) On Fri, 2 Jul 2004 14:19:25 -0400, robert mena [EMAIL PROTECTED] wrote: Ok. How about set the safe_mode_exec_dir to /dev/null then ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode/open basedir not working ?
Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
Marek, but the program was executed using a system call from a php script. - rt On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir. You can specify a directory with binaries the users can run. Anything outside of that PHP won't run. Just set it to a path with no binaries (and no write access fromusers) and they won't be able to run outside programs unless you let them. You can also put some funcitons in disable_functions, such as system() and exec(), poper(), proc_open(), passthru(), and shell_exec(). Disabling shell_exec() also disables backticks (`) (I think). -- paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
Thats just what he said :p Robert Mena wrote: Marek, but the program was executed using a system call from a php script. - rt On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
robert mena wrote --- napísal:: Marek, but the program was executed using a system call from a php script. - rt And that's what I mean. Every fopen call (almost) in the php binary is wrapped around the safe mode checks. But once you leave the php binary, or even load a php module that does not use this wrapper, safe mode does not work anymore. On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
Justin Patrin wrote --- napísal:: On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir. Actualy you have to if you want to use any of the exec functions: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
Marek, Justin, am I doing something wrong with the setup because I saw the logs and a redeye.php was used to system(perl -) and was not supposed to. On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: Justin Patrin wrote --- napísal:: On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir. Actualy you have to if you want to use any of the exec functions: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
YES. You need to set the safe_mode_exec_dir path to be some path without binaries. Such as: /etc, although that's a bad example. Make a directory with only root write access and point that config option to it. On Wed, 30 Jun 2004 22:31:27 -0400, robert mena [EMAIL PROTECTED] wrote: Marek, Justin, am I doing something wrong with the setup because I saw the logs and a redeye.php was used to system(perl -) and was not supposed to. On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: Justin Patrin wrote --- napísal:: On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir. Actualy you have to if you want to use any of the exec functions: !DSPAM:40e37582309468563245817! -- paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe mode effect
HI, goole.com found so many details about safe mode too much to understand. My hosting provider set php safe mode = enable . so iam unable to use so many scripts . can any one give good free image gallery software which will work under safe mode = enable . is it true that with apache 2.x version , we can get ride of php safe mode ? - thanks for your time -- Knowledge is power share it - http://ravikumar.info -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe mode effect
Ravi kumar wrote: HI, goole.com found so many details about safe mode too much to understand. My hosting provider set php safe mode = enable . so iam unable to use so many scripts . can any one give good free image gallery software which will work under safe mode = enable . is it true that with apache 2.x version , we can get ride of php safe mode ? - thanks for your time I don't know of any gallery that can run under safe mode (I did not look), but galleries that I made use ftp functions to upload the images under the same owner as the scripts. Then you can work with the images. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe Mode
Can safe mode be turned off in the .htaccess file? I don't know the gallery script but setting safe_mode_include_dir should help. Ask the admin to set it to your directory for your virtual host. Another option would be to use ftp functions to upload the images to your directory, but you would have to rewrite the script. According the safe-mode page http://us4.php.net/features.safe-mode in http.conf : Directory /docroot php_admin_value open_basedir /docroot # In your case safe_mode_include_dir /Directory Can php_admin_value be inlcuding in the *.php pages and/or .htaccess. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe Mode
On Monday 23 February 2004 00:55, [EMAIL PROTECTED] wrote: Can safe mode be turned off in the .htaccess file? [snip] According the safe-mode page http://us4.php.net/features.safe-mode in http.conf : Directory /docroot php_admin_value open_basedir /docroot # In your case safe_mode_include_dir /Directory Can php_admin_value be inlcuding in the *.php pages and/or .htaccess. manual ini_set() -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* What an artist dies with me! -- Nero */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe Mode
According the safe-mode page http://us4.php.net/features.safe-mode in http.conf : Directory /docroot php_admin_value open_basedir /docroot # In your case safe_mode_include_dir /Directory Can php_admin_value be inlcuding in the *.php pages and/or .htaccess. manual ini_set() It would seem form the ini_set() comments that the answer to both is yet: - There is another possibility by changing PHP Settings! If your Webspace is able to handle .htaccess files, you're able to change PHP_INI Settings through this file! To disable register_globals you have to set: php_value register_globals 0 If you wanna set other settings, feel free, because there is no problem! These Settings are set before running the script, e.g. the results of register_globals, when setting a parameter in the URL like 'foo.php?foo=stuff', is not present, $foo is unset. If it´s not your server and therefore you want to hide the data in your session variables from other users, it´s very useful to set the session.save_handler in your scripts to shared memory with: ini_set('session.save_handler','mm'). Remember: You have to set it in every script that uses the session variables BEFORE session_start() or php won´t find them. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe Mode
Hi, I'm running PHP4.3 with Apache 1.3.26 on Linux with a number of vittual domains. Safe_mode is set by default for obvious reasons. I wan't to install gallery http://gallery.menalto.com/modules.php?op=modloadname=Newsfile=index It requires to be run without safe_mode. Is it possible to set Apache in such a way that everyting is run under safe-mode, except for a directory and everything underneath in a virtual domain? Thanks Nico -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe Mode
On Saturday, Feb 21, 2004, at 09:18 America/New_York, [EMAIL PROTECTED] wrote: Is it possible to set Apache in such a way that everyting is run under safe-mode, except for a directory and everything underneath in a virtual domain? Very likely yes, if your admin permits it. The place to look for an answer is in documentation for httpd.conf. Good luck. - Lucas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe Mode
Lucas Gonze wrote: On Saturday, Feb 21, 2004, at 09:18 America/New_York, [EMAIL PROTECTED] wrote: Is it possible to set Apache in such a way that everyting is run under safe-mode, except for a directory and everything underneath in a virtual domain? Very likely yes, if your admin permits it. The place to look for an answer is in documentation for httpd.conf. Good luck. - Lucas Can safe mode be turned off in the .htaccess file? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe Mode
On Saturday, Feb 21, 2004, at 20:17 America/New_York, [EMAIL PROTECTED] wrote: Lucas Gonze wrote: On Saturday, Feb 21, 2004, at 09:18 America/New_York, [EMAIL PROTECTED] wrote: Is it possible to set Apache in such a way that everyting is run under safe-mode, except for a directory and everything underneath in a virtual domain? Very likely yes, if your admin permits it. The place to look for an answer is in documentation for httpd.conf. Good luck. - Lucas Can safe mode be turned off in the .htaccess file? My guess is no. That is a decision which should belong to the server admin. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe Mode
Lucas Gonze wrote: On Saturday, Feb 21, 2004, at 20:17 America/New_York, [EMAIL PROTECTED] wrote: Lucas Gonze wrote: On Saturday, Feb 21, 2004, at 09:18 America/New_York, [EMAIL PROTECTED] wrote: Is it possible to set Apache in such a way that everyting is run under safe-mode, except for a directory and everything underneath in a virtual domain? Very likely yes, if your admin permits it. The place to look for an answer is in documentation for httpd.conf. Good luck. - Lucas Can safe mode be turned off in the .htaccess file? My guess is no. That is a decision which should belong to the server admin. Definately no. It would not be safe mode if anyone can turn it off. I don't know the gallery script but setting safe_mode_include_dir should help. Ask the admin to set it to your directory for your virtual host. Another option would be to use ftp functions to upload the images to your directory, but you would have to rewrite the script. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode and mail
Hello, This is a reply to an e-mail that you wrote on Fri, 20 Jun 2003 at 01:40, lines prefixed by '' were originally written by you. Hi, safe mode on and mass mailing wished. I know that it's not possible to set the time limit, when safe mode is on. Sure mass mailing using mail function takes longer than default execution time of the script. My codes should be portable, that why modification of php.ini is not an option. The users shouldn't be experinced and authorized to do this. In brief, I have to find a solution without a need to work in shell. So, due to my theoratical knowledge it seems to be a solution, to queue the mails to sendmail by using popen. Is it true? Or what could be your suggestion for this issue. Thanks in advance, Senih You could only send a certain amount of e-mails on each execution and use a meta-refresh to continually call the script. I do this on one site and also display a progress bar that updates on each refresh which is a bit better for the end user rather than have them staring at nothing until eventually all the mails have sent. All the best, David. -- phpmachine :: The quick and easy to use service providing you with professionally developed PHP scripts :: http://www.phpmachine.com/ Professional Web Development by David Nicholson http://www.djnicholson.com/ QuizSender.com - How well do your friends actually know you? http://www.quizsender.com/ (developed entirely in PHP) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode and mail
Hi, safe mode on and mass mailing wished. I know that it's not possible to set the time limit, when safe mode is on. Sure mass mailing using mail function takes longer than default execution time of the script. My codes should be portable, that why modification of php.ini is not an option. The users shouldn't be experinced and authorized to do this. In brief, I have to find a solution without a need to work in shell. So, due to my theoratical knowledge it seems to be a solution, to queue the mails to sendmail by using popen. Is it true? Or what could be your suggestion for this issue. Thanks in advance, Senih --- Outgoing mail is certified Virus Free. Bu mesaj virs taramasndan gemitir. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.489 / Virus Database: 288 - Release Date: 10.06.2003
[PHP] Safe mode Problem
How can I disable the Safe Mode for a php 4.3.2 compiled on linux with --enable-safe-mode. The problem is I can't touch the machine so I can't test if I change the setting in the php.ini it just ignore the flag and I don't have the posibility to reproduce this on my server. Even a link to where I can find docs about the options for compiling Php will be good. -- - Cristian MARIN InterAKT Online (www.interakt.ro) +4021 411 2610 [EMAIL PROTECTED]
[PHP] SAFE MODE Restriction in effect
Getting the below error from a php site I am developing. I am using a new server so I guess it is a php configuration thing, but how do I fix it. Ben Warning: SAFE MODE Restriction in effect. The script whose uid is 510 is not allowed to access /home/virtual/site4/fst/var/www/html/test owned by uid 0 in /home/virtual/site4/fst/var/www/html/test/lib/misc.inc on line 219 * Ben Edwards Tel +44 (0)1179 553 551 ICQ 42000477 * * Webhosting for the masses http://serverone.co.uk * * Critical Site Builderhttp://www.criticaldistribution.com * * online collaborative web authoring content management system * * Get alt news/views films online http://www.cultureshop.org * * i-Contact Progressive Video http://www.videonetwork.org * * Fun corporate graphics http://www.subvertise.org * * Bristol Indymedia http://bristol.indymedia.org * * Bristol's radical news http://www.bristle.org.uk * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SAFE MODE Restriction in effect
$dp = opendir( $currdir ); Basically it seems like I need to turn 'SAFE MODE' off but I dont really know what it it or how to turn it off. In fact I am not sure where the config file is on a *nix box or what is it called. Ben At 15:58 09/06/2003 +0200, winst0n wrote: what does the line 219 in misc.inc ?! * Ben Edwards Tel +44 (0)1179 553 551 ICQ 42000477 * * Webhosting for the masses http://serverone.co.uk * * Critical Site Builderhttp://www.criticaldistribution.com * * online collaborative web authoring content management system * * Get alt news/views films online http://www.cultureshop.org * * i-Contact Progressive Video http://www.videonetwork.org * * Fun corporate graphics http://www.subvertise.org * * Bristol Indymedia http://bristol.indymedia.org * * Bristol's radical news http://www.bristle.org.uk * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SAFE MODE Restriction in effect
Changed it to dir but not made any difference. I have root access to the server so could change php.ini. However ; Safe Mode ; safe_mode = Off ; By default, Safe Mode does a UID compare check when ; opening files. If you want to relax this to a GID compare, ; then turn on safe_mode_gid. safe_mode_gid = Off So not quite sure why there is a phoblem Ben At 16:23 09/06/2003 +0200, winst0n wrote: Ok, I think the php comand opendir is blocked for security reason. Try with this : $dp = dir($currdir ); dir() and opendir() are the same for client. A lot of hostserver disable opendir(), I dont know why, but they do ;) * Ben Edwards Tel +44 (0)1179 553 551 ICQ 42000477 * * Webhosting for the masses http://serverone.co.uk * * Critical Site Builderhttp://www.criticaldistribution.com * * online collaborative web authoring content management system * * Get alt news/views films online http://www.cultureshop.org * * i-Contact Progressive Video http://www.videonetwork.org * * Fun corporate graphics http://www.subvertise.org * * Bristol Indymedia http://bristol.indymedia.org * * Bristol's radical news http://www.bristle.org.uk * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode not working
I've enabled safe mode on my local test server, but it doesn't seem to be working. If I run a script owned by one user (me), and within it include (using include()) another script or file owned by another user, the include is successful, whereas it shouldn't be in safe mode. I can verify through phpinfo() that safe_mode is on. And the problem occurs whether safe_mode_include_dir remains unset or set to an empty directory. Any ideas? Thanks, --Dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode on Mac OS X?
More safe mode questions: I'm using the standard binary distribution of PHP on Mac OS X -- the one managed by Marc Liyanage, not the one that ships with OS X -- and can't seem to get safe mode working. I can turn it on and it doesn't generate any errors, but it doesn't restrict access to files as it should either. If I do a phpinfo(), I can see that the safe_mode variable is set to On, but I don't see anything in the compiler directives at the top about it, whereas there is an --enable-safe-mode item in the compiler directives on my Web hosting company's PHP installation (though safe_mode is set to Off there). Does anyone know if safe_mode works in this binary OS X install of PHP? Do I need to compile my own? Thanks, --Dave -- David A. Feldman User Interface Designer [EMAIL PROTECTED] http://InterfaceThis.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode
Hi all I'm having troubles with the safe mode. My ISP has safe mode ON. Now i'm busy accessing files, deleting uploaded files, moving them and so on. Different actions are performed by different scripts. I want to make use of functions like stat() and so on, but each time I get the warning: Warning: file_exists() [function.file-exists]: SAFE MODE Restriction in effect. The script whose uid is 884 is not allowed to access /opt/guide/www.company.com.nl/HTML/myDir owned by uid 99 Since safe mode is ON and I can't change it in php.ini of my ISP I am wondering what to do now? There is this whole lot of file functions which I wanna use, but each time I'm getting the warning or warnings that look like the one above. I already tried ini_set(safe_mode,0) but since the script is already accessed this action comes too late and even more important, according to the manual this entry can be set only in php.ini or httpd.conf (PHP_INI_SYSTEM) . Does anybody know a safe workaround for this phenomenon? Any tips are most welcome! Regards Wilbert Enserink - Pas de Deux Van Mierisstraat 25 2526 NM Den Haag tel 070 4450855 fax 070 4450852 http://www.pdd.nl [EMAIL PROTECTED] - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode problem
I recomend you use ftp functions to upload the script to your site (from the generating file). If you only use normal filesystem function, the newly created file will get the owner of the http server. gurvinder singh wrote: and how can i be root from a php script? i want chown from the script itself which created the page. -Original Message- From: Marek Kilimajer [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 12:39 PM To: Gurvinder Singh Cc: [EMAIL PROTECTED] Subject: Re: [PHP] safe mode problem what you did should work (you must be root to change owner). You can use -R switch to change owner recursively Gurvinder Singh wrote: hi i create a php page dynamically in my php script. this page include one of my other php file. when i run the newly created script i get this error Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access file.php owned by uid 831 Is there a way to handle this. i even tried chown to change the newly created file's owner to be 831 but it doesnt seem to work Thanks Regards Gurvinder -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode problem
what you did should work (you must be root to change owner). You can use -R switch to change owner recursively Gurvinder Singh wrote: hi i create a php page dynamically in my php script. this page include one of my other php file. when i run the newly created script i get this error Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access file.php owned by uid 831 Is there a way to handle this. i even tried chown to change the newly created file's owner to be 831 but it doesnt seem to work Thanks Regards Gurvinder -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode problem
At 11:39 3-2-03, you wrote: what you did should work (you must be root to change owner). You can use -R switch to change owner recursively Gurvinder Singh wrote: hi i create a php page dynamically in my php script. this page include one of my other php file. when i run the newly created script i get this error Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access file.php owned by uid 831 Is there a way to handle this. i even tried chown to change the newly created file's owner to be 831 but it doesnt seem to work I think you did it just the wrong way round, the way i read it the owner of the file you wanted to read already was 831, so try to chown it to 48. Safe mode writes files with chmod 750, so now effectively 0 for the php script that tries to reach it. In stead of chowning, you can also chmod the file to read (file.php) to 777, if you do not mind the security too much, if possible take the file out of the www directory. I have a big problem with safe mode now with a script that needs to create subdirectories itself, so with every new added course i would need to go and change the chmod by FTP. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] safe mode problem
and how can i be root from a php script? i want chown from the script itself which created the page. -Original Message- From: Marek Kilimajer [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 12:39 PM To: Gurvinder Singh Cc: [EMAIL PROTECTED] Subject: Re: [PHP] safe mode problem what you did should work (you must be root to change owner). You can use -R switch to change owner recursively Gurvinder Singh wrote: hi i create a php page dynamically in my php script. this page include one of my other php file. when i run the newly created script i get this error Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access file.php owned by uid 831 Is there a way to handle this. i even tried chown to change the newly created file's owner to be 831 but it doesnt seem to work Thanks Regards Gurvinder -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode problem
hi i create a php page dynamically in my php script. this page include one of my other php file. when i run the newly created script i get this error Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access file.php owned by uid 831 Is there a way to handle this. i even tried chown to change the newly created file's owner to be 831 but it doesnt seem to work Thanks Regards Gurvinder -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe mode and safe_mode_exec_dir
Hello all, I'm having a bit of a problem making a particular configuration with PHP and Apache. Here's the deal: I want to have php running with safe mode, so i define safe mode = On on /etc/php.ini. I have this script that i need to execute two programas, with exec(). So, in apache, i define a directory directive, where i put php_admin_value safe_mode_exec_dir /some/path/bin, so that the scripts contained in the directory are able to execute binaries in /some/path/bin. I also define open_basedir to .. This doesn't work. In fact, defining safe_mode_exec_dir = /some/path/bin directly in /etc/php.ini doesn't work either. I noticed PHP was compiled with --with-exec-dir=/usr/bin, but i suppose that what we define in php.ini (at least) overrides that. I can only execute the bins with safe mode off... and i see nothing on the logs, because for what i can see php logs nothing if it cannot execute a program I'm using PHP 4.2.3 and Apache 1.3.23 (RedHat) Any help will be appreciated, Regards -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe mode and directory permission
Hello, I'm working with Safe mode and I have a big trouble how the PHP is behaved. I have the web root and under them is directory, where my scripts are. This is my situation: rwxr-xr-x www www /var/www/htdocs Web root rwxr-xr-x www www /var/www/htdocs/test PHP scripts rw-r--r-- user user /var/www/htdocs/test/safe.php script ?php readfile(noowner); readfile(owner); ? rw-r--r-- abc abc /var/www/htdocs/test/noowner.php script rw-r--r-- user user /var/www/htdocs/test/owener.php script And everything is working OK. That mean the noowner file is not included in script. BUT I need to change the owner of directory to user USER and after that change, the file noowner is included in spite of the user is different. New situation: rwxr-xr-x www www /var/www/htdocs Web root rwxr-xr-x user user /var/www/htdocs/test PHP scripts rw-r--r-- user user /var/www/htdocs/test/safe.php script ?php readfile(noowner); readfile(owner); ? rw-r--r-- abc abc /var/www/htdocs/test/noowner.php script rw-r--r-- user user /var/www/htdocs/test/owener.php script My configuration: Apache 2.0.40 and PHP 4.2.3, the same problem on Apache 2.0.39 and PHP 4.2.2. Do you know, where the problem is? Thanks, Rudolf Wolf. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe mode? newbie alert!
Hi Everyone, I have a small question and just need some general direction, tried the mothership(google) but got too many results and got more confused. What is safe mode? If you have any URL or file that can explain it kindly give it to me... cheers and thanks again, -Ryan.
Re: [PHP] Safe mode? newbie alert!
Try the "mothership" again and type php and "safe mode" Click "Search". The first two results: http://www.dynamic-webpages.de/php/features.safe-mode.php http://info.ccone.at/INFO/PHP4/features.safe-mode.html You can read only ONE so as not to get more confused... :) - E PS Of course, you can the info here as well: http://www.php.net/manual/en/features.safe-mode.php Hi Everyone, I have a small question and just need some general direction, tried the mothership(google) but got too many results and got more confused. What is safe mode? If you have any URL or file that can explain it kindly give it to me... cheers and thanks again, -Ryan. _ $B$+$o$$$/$FL{2w$J%$%i%9%HK~:\(B MSN $B%-%c%i%/%?!<(B http://character.msn.co.jp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Edwin-Re: [PHP] Safe mode? newbie alert!
Hey, Thanks for the reply, what you sent me I had already read on other sitesI just didnt understand them! I basically wanted a longer explanation. Thanks anyway, -Ryan. - Original Message - From: "@ Edwin" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, September 01, 2002 2:49 PM Subject: Re: [PHP] Safe mode? newbie alert! Try the "mothership" again and type php and "safe mode" Click "Search". The first two results: http://www.dynamic-webpages.de/php/features.safe-mode.php http://info.ccone.at/INFO/PHP4/features.safe-mode.html You can read only ONE so as not to get more confused... :) - E PS Of course, you can the info here as well: http://www.php.net/manual/en/features.safe-mode.php Hi Everyone, I have a small question and just need some general direction, tried the mothership(google) but got too many results and got more confused. What is safe mode? If you have any URL or file that can explain it kindly give it to me... cheers and thanks again, -Ryan. _ $B$+$o$$$/$FL{2w$J%$%i%9%HK~:\(B MSN $B%-%c%i%/%?!<(B http://character.msn.co.jp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe Mode seems to turn on and off randomly
Hi, I was discussing with a friend at a webhost I use and they have been experience a wierd problem recently with their php safe mode, I went to help and after spending a while in the bug database I couldn't find anything to explain it. Basically every time you view a phpinfo page it will randomly change the local setting for safe mode from on or off, where the global setting is allways on... We also found out that if you run a php script 1000 times echoing the state of safemode it is constant for out the execution of the script, but it might change the next time we re-fresh the page. The servers which are affected are using Plesk which is a control panel thing which basically bundles freeBSD, apache, php, mysql together with a PHP front end for users and admins...The current version of the software is as follows: PHP 4.1.0 Apache 1.3.22 FreeBSD 4.1-RELEASE (The builds would be newer but this is what the lastest Plesk provides) I was wondering if anyone could have a explaination for this bug, if you want to see it for yourself check out my http://www.lusernet.34sp.com/phpInfo.php page. Since I'm not a admin of this webhost, and I'm only really doing this because I'm curious as well I can't give any more server specific details then what is publicly available on the phpInfo page since I don't know them :) Anyway thanks for any reply Andrew
[PHP] safe mode and php cgi-binary
I have compiled and installed php4.2.1 on my linux www server that runs apache. Since we have many virtual hosts and utilize suexec I decided to install php as a binary and be able to use php as a cgi binary. I am able to run my php scripts through suexec which is great. The problem is that any changes I make to php.ini are not reflected on the php()info page. No doc_root, nothing Do I lose the safe mode ability since we installed as a cgi? What do I need to do to see what happening? Thanks. Lewis Watson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SAFE MODE
How do i setup safe mode scripting (each script has a different uid) on my win32, apache, php setup? my plesk host has to use it and i want to be able to test my scripts on my own computer. i set safe mode = On in my php.ini file but the script still lets me include a file, whereas the script on my proper host doesnt. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe mode
On our server, PHP's compiled in Apache with --enable-safe-mode as well as the master php.ini file having safe_mode turned on. Does this override whatever's in an Apache configuration file? One of my vhosts has the following bit in it: IfModule mod_php4.c php_value include_path .:/usr/local/lib/php php_flag safe_mode On php_flag magic_quotes_gpc Off php_flag track_vars On php_flag track_errors On /IfModule And the safe_mode entry doesn't seem to have any effect what so ever. -- W | I haven't lost my mind; it's backed up on tape somewhere. + Ashley M. Kirchner mailto:[EMAIL PROTECTED] . 303.442.6410 x130 IT Director / SysAdmin / WebSmith . 800.441.3873 x130 Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave. #6 http://www.pcraft.com . . .. Boulder, CO 80303, U.S.A. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe mode
You need to use php_admin_flag for safe_mode. But I wouldn't expect any effect here since you defaulted it to On and in your httpd.conf you are turning it on... So what are you expecting to see different? -Rasmus On Fri, 26 Apr 2002, Ashley M. Kirchner wrote: On our server, PHP's compiled in Apache with --enable-safe-mode as well as the master php.ini file having safe_mode turned on. Does this override whatever's in an Apache configuration file? One of my vhosts has the following bit in it: IfModule mod_php4.c php_value include_path .:/usr/local/lib/php php_flag safe_mode On php_flag magic_quotes_gpc Off php_flag track_vars On php_flag track_errors On /IfModule And the safe_mode entry doesn't seem to have any effect what so ever. -- W | I haven't lost my mind; it's backed up on tape somewhere. + Ashley M. Kirchner mailto:[EMAIL PROTECTED] . 303.442.6410 x130 IT Director / SysAdmin / WebSmith . 800.441.3873 x130 Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave. #6 http://www.pcraft.com . . .. Boulder, CO 80303, U.S.A. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe mode
Rasmus Lerdorf wrote: You need to use php_admin_flag for safe_mode. And I suppose this page has an error on it then: http://www.php.net/manual/en/configuration.php Since it states php_flag, not php_admin_flag... -- Example 3-2. Apache configuration example IfModule mod_php4.c php_value include_path .:/usr/local/lib/php php_flag safe_mode on /IfModule IfModule mod_php3.c php3_include_path .:/usr/local/lib/php php3_safe_mode on /IfModule -- -- W | I haven't lost my mind; it's backed up on tape somewhere. + Ashley M. Kirchner mailto:[EMAIL PROTECTED] . 303.442.6410 x130 IT Director / SysAdmin / WebSmith . 800.441.3873 x130 Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave. #6 http://www.pcraft.com . . .. Boulder, CO 80303, U.S.A. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe mode
In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Ashley M. Kirchner) wrote: Rasmus Lerdorf wrote: You need to use php_admin_flag for safe_mode. And I suppose this page has an error on it then: http://www.php.net/manual/en/configuration.php Since it states php_flag, not php_admin_flag... The beauty of the system is that when one spots such errors, one can immediately add a correction to the annotated docs. (Done.) -- CC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe Mode
On Tue, 9 Apr 2002, Richard Lynch wrote: So, what's up with this: PHP /www/herolist.com/web/categories.html: 105 2 SAFE MODE Restriction in effect. The script whose uid is 1065 is not allowed to access /www/herolist.com/web/pictures/TERISBROTHER1thum.jpg owned by uid 1056 Note that the UIDs are the *same*. Maybe I'm missing something here, but 1065 != 1056. miguel Geez! I'm going bleary-eyed from looking at this. SORRY! Just ignore me. -- Got Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe Mode
Okay... I understand SAFE MODE limits me to opening files owned by the same user as owns the script, right?... So, what's up with this: PHP /www/herolist.com/web/categories.html: 105 2 SAFE MODE Restriction in effect. The script whose uid is 1065 is not allowed to access /www/herolist.com/web/pictures/TERISBROTHER1thum.jpg owned by uid 1056 Note that the UIDs are the *same*. I'm using http://php.net/getimagesize I'd tell you what PHP version I was using, if phpinfo() and phpversion() worked... Those yield: [domain name changed to protect the innocent] Warning: Failed opening '/www/example.com/web/phpinfo.php' for inclusion (include_path='./:/www/example.com/private/include:/www/example.com/php/') in Unknown on line 0 That also means I can't readily look up 'open_basedir' et al... It was 4.2.0-dev last I looked, but my ISP is very... aggressive about upgrading PHP :-) Please Cc: me on replies. Thanks! -- Got Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe Mode
On Tue, 9 Apr 2002, Richard Lynch wrote: So, what's up with this: PHP /www/herolist.com/web/categories.html: 105 2 SAFE MODE Restriction in effect. The script whose uid is 1065 is not allowed to access /www/herolist.com/web/pictures/TERISBROTHER1thum.jpg owned by uid 1056 Note that the UIDs are the *same*. Maybe I'm missing something here, but 1065 != 1056. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode and file handling
I and my www space provider have fought with a problem All files/directories created by PHP are owned by nobody/nobody and we want them to be created by my own uid/guid How this would be solved by least amount of modification in the scripts The problem is in that safe mode requires that the script and the directory containing the file/directory to be accessed is owned by me and only me If I tell PHP to create a directory test1 under my www root and then change to that directory and tell it to create another directory for example called test2, it fails because test1 is owned by nobody, not me
Re: [PHP] safe mode and file handling
The easiest way to make this work is to use open_basedir settings instead of safe_mode Safe_mode is specifically created to prevent you from doing what you are trying to do -Rasmus On Fri, 1 Mar 2002, Mika Lindqvist wrote: I and my www space provider have fought with a problem All files/directories created by PHP are owned by nobody/nobody and we want them to be created by my own uid/guid How this would be solved by least amount of modification in the scripts The problem is in that safe mode requires that the script and the directory containing the file/directory to be accessed is owned by me and only me If I tell PHP to create a directory test1 under my www root and then change to that directory and tell it to create another directory for example called test2, it fails because test1 is owned by nobody, not me -- PHP General Mailing List (http://wwwphpnet/) To unsubscribe, visit: http://wwwphpnet/unsubphp
Re: [PHP] safe mode and file handling
if you are on a unix system running with apache, you could modify the virtual host block and have apache run as your user name and then change the permissions of the docroot so you are the owner and group. Jim Lucas www.bend.com - Original Message - From: Mika Lindqvist [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 01, 2002 1:21 PM Subject: [PHP] safe mode and file handling I and my www space provider have fought with a problem. All files/directories created by PHP are owned by nobody/nobody and we want them to be created by my own uid/guid. How this would be solved by least amount of modification in the scripts. The problem is in that safe mode requires that the script and the directory containing the file/directory to be accessed is owned by me and only me. If I tell PHP to create a directory test1 under my www root and then change to that directory and tell it to create another directory for example called test2, it fails because test1 is owned by nobody, not me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Safe mode/restricted directory file system operations
Apache server with PHP module Apache user is nobody:nobody Virtual user is user1:user1 in VirtualHost we have VirtualHost ip.add.re.ss DocumentRoot /www/user1 Directory /www/user1 Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all /Directory php_admin_value upload_tmp_dir /www/user1/tmp php_admin_value open_base_dir /www/user1 /VirtualHost All files in /www/user1 including the user1 direcrot are owned by user1:user1 Having problems with 1) file uploads into tmp... nobody not having permission to move them into the final location 2) symlinking directories within the /www/user1 tree eg. unlink(/www/user1/mylink); symlink(mylink,/www/user1/NewDirToLinkTo); Fails with permission denied to Unlink, or Link (if the link is manually deleted) Removed the safe mode restrictions on this particular virtual host to try and accomodate some of these tasks, but to no avail. drawing a blank now from looking at it so long. Ideas or suggestions appreciated. Dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Safe mode/restricted directory file system operations
On Thu, 2002-02-21 at 10:44, Dave wrote: Apache server with PHP module Apache user is nobody:nobody Virtual user is user1:user1 [snip] Ideas or suggestions appreciated. Dave Well, this isn't really a PHP issue, but what the hell. If you need to do filesystem stuff as a certain user, the Apache module just ain't gonna do it for you. It'll always run as the httpd user. So you could very carefully set up directory permissions so that httpd has access to do what it needs, or you could just compile the CGI version of PHP and use it for the pages which need to do these uid/gid-related operations. (If used with something like suExec you can get it to act as any user you want.) The second option is probably the safest. -- Torben Wilson [EMAIL PROTECTED] http://www.thebuttlesschaps.com http://www.hybrid17.com http://www.inflatableeye.com +1.604.709.0506 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe mode/mkdir problem - HELP!
Hello! I'm trying to create a directory, let's say: /some/dir. My script (create_dir.cgi) is located at the cgi-bin directory and begins with #!/usr/bin/php. So it's like any other script, isn't it? The problem is: running php in safe mode with the script permissions: rwxr-xr-x 8 rootroot1234 Nov 14 12:28 create_dir.cgi I got: Warning: MkDir failed (Permission denied) in /var/www/cgi-bin/create_dir.cgi on line xxx When executing the instruction: mkdir('/some/dir', 0755); But /some permissions are: drwxr-xr-x8 root root 4096 Nov 14 12:28 /some Running in safe mode, I thought that I could use mkdir() to create it, because the ownerships are the same! Am I wrong? Safe mode only give access when the ownerships are the same. When I change the ownership to /some to the uid/gid apache is running (apache(48)/apache(48)), I get: Warning: SAFE MODE Restriction in effect. The script whose uid is 0 is not allowed to access /some/dir owned by uid 48 in /var/www/cgi-bin/create_dir.cgi on line xxx And another doubt is: running my script as a cgi, with the php binary outside the webserver tree, it runs like any other script (as written in the manual). I should be able to run it is setuid flags and get complete access, but even in this case the uid/gid that my script runs is always the webserver process uid/gid (apache/apache) I'm running RedHat Linux 7.2 with apache 1.3.22 and php 4.0.6. The php package includes the php apache module and the php binary. Thanks in advance, Roberto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Safe Mode control
Hey all, I just finished an article on Safe Mode control for PHP but it is based on non-Win32 systems. Can somebody with a bit more experience in Win32 servers take a look at it and let me know what can be done to achieve, if not the same level of control then close to it, on a Win32 platform? The article is at: http://www.acnsnet.com/~slydder/stories/op/storiesView/sid/53/ thanks, chuck Chuck's Top 10 Things to Remember and Think about! === 10. Please return stewardess to original upright position. 9. Fighting for peace is like fucking for virginity. 8. Never date someone because you're too lazy to commit suicide. 7. It is not the fall that kills you. it's the sudden stop at the end. 6. You can't have everything. Where would you put it all? 5. Real Windows Performance, on the next In Search Of. 4. 2 rules to success in life. 1. Don't tell people everything you know. 3. 24 hours in a day, 24 beers in a case. Coincidence? 2. 9 out of 10 men who try Camels prefer women. 1. Always borrow money from a pesimist. They never expect it back anyway. That's it! NO MORE! JEEZ! GET BACK TO WORK! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Safe mode and dir permissions
Hi List, My ISP runs the PHP in Safe Mode, this is causing me a lot of trouble. In safe mode how can I change the permission of a dir to 0777?, my problem is that I've built a Content management system, and for every new people inserted the system creates a Directorie and will upload things automatically on it, but I couldn't create it with 0777 permission, so I can't upload nothing with PHP, and I don't have how change every single folder permissio by hand. Thank's -- Rodrigo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Safe mode and dir permissions
Hello, You can't change permissions in safe_mode. and for every new people inserted the system creates a Directorie and will upload things Maybe you give the new people something like a autonumbered userid. So you can created the dirs /userid0/, /userid1/ etc. already by hand. - Original Message - From: Rodrigo Peres [EMAIL PROTECTED] To: PHP [EMAIL PROTECTED] Sent: Friday, November 16, 2001 2:02 PM Subject: [PHP] Safe mode and dir permissions Hi List, My ISP runs the PHP in Safe Mode, this is causing me a lot of trouble. In safe mode how can I change the permission of a dir to 0777?, my problem is that I've built a Content management system, and for every new people inserted the system creates a Directorie and will upload things automatically on it, but I couldn't create it with 0777 permission, so I can't upload nothing with PHP, and I don't have how change every single folder permissio by hand. Thank's -- Rodrigo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Safe mode + /usr/share/php
Is it possible to use safe mode yet allow all scripts to include any files from /usr/share/php? Normal users ain't gonna have *write* access to that directory, so it shouldn't be much of a security concern, I just don't know how to do this. I know that I can disable safe_mode and enable open_basedir, but that will create yet another security hole because normal users will be able to alter LD_LIBRARY_PATH, which is not a very good idea. AFAIK, they can make PHP load a custom glibc and thus gain root access to the box if I allow them to do that. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Safe mode + /usr/share/php
A recent feature addition (4.0.7) is a safe_mode_include_dir php.ini directive where you can do exactly this. -Rasmus On Sun, 26 Aug 2001, Artyom Plouzhnikoff wrote: Is it possible to use safe mode yet allow all scripts to include any files from /usr/share/php? Normal users ain't gonna have *write* access to that directory, so it shouldn't be much of a security concern, I just don't know how to do this. I know that I can disable safe_mode and enable open_basedir, but that will create yet another security hole because normal users will be able to alter LD_LIBRARY_PATH, which is not a very good idea. AFAIK, they can make PHP load a custom glibc and thus gain root access to the box if I allow them to do that. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Safe mode upload
Hi everyone. I have trouble uploading files while in safe mode .Warning: SAFE MODE Restriction in effect. The script whose uid is 206 is not allowed to access /tmp/php6wtDUc owned by uid 0 Can someone help me pass around this problem? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]