Re: [PHP] Safe mode story

2008-05-14 Thread Philip Thompson

On May 11, 2008, at 12:06 AM, admin wrote:

[snip!]


Safe mode has _got_ to be there for some good reason.


Read on about PHP6

http://www.ibm.com/developerworks/opensource/library/os-php-future/?ca=dgr-lnxw01PHP-Future 



Scroll down to where the title is "Things removed" - notice that
'safe_mode' is listed. It may have been put in originally for a good
reason, but it has since been deprecated.


HTH,

~Philip


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Safe mode story

2008-05-11 Thread Wolf
You could try having Apache run as the UID of the user. With a few
modifications to the Apache site config, you should be golden!

HTH,
Wolf

-Original Message-
From: admin [EMAIL PROTECTED]
Sent: Sunday, May 11, 2008 1:06 AM
To: php-general@lists.php.net
Subject: [PHP] Safe mode story

Hi all,

I'm running a Plesk 8.3 mass hosting server equipped with PHP 5.1.6 on 
CentOS 5, and I'm facing the problem of PHP Safe mode barfing at the 
UID mismatch of PHP scripts uploaded by user's FTP UID, and later 
executed by Apache UID, where user's PHP scripts thusly uploaded attempt 
to write any files while doing their job.

Is there an educated solution? What if I relax safe mode checks to gid 
(safe_mode_gid=On), and given that GID is psacln for every Plesk-hosted 
customer, with only UIDs being different, is there any risk that folks 
operating on their own chmod 660 files will be able to overwrite other 
people's chmod 660 files? Or will open_basedir be enough to prevent 
unwanted PHP level file access while relaxing safe mode uid check at the 
same time? (by default, it is properly set by Plesk in 
%mysite%/conf/httpd.include) ?

BTW, safe_mode_exec_dir is empty by default, does it mean if I do set 
safe_mode_gid then users will be able to exec other Plesk users' cgi-bin 
scripts etc. because of GIDs being equal??

Safe mode has _got_ to be there for some good reason.

Thanks in advance for any tips.

-- 


[The entire original message is not included]





[PHP] Safe mode story

2008-05-10 Thread admin

Hi all,

I'm running a Plesk 8.3 mass hosting server equipped with PHP 5.1.6 on 
CentOS 5, and I'm facing the problem of PHP Safe mode barfing at the 
UID mismatch of PHP scripts uploaded by user's FTP UID, and later 
executed by Apache UID, where user's PHP scripts thusly uploaded attempt 
to write any files while doing their job.


Is there an educated solution? What if I relax safe mode checks to gid 
(safe_mode_gid=On), and given that GID is psacln for every Plesk-hosted 
customer, with only UIDs being different, is there any risk that folks 
operating on their own chmod 660 files will be able to overwrite other 
people's chmod 660 files? Or will open_basedir be enough to prevent 
unwanted PHP level file access while relaxing safe mode uid check at the 
same time? (by default, it is properly set by Plesk in 
%mysite%/conf/httpd.include) ?


BTW, safe_mode_exec_dir is empty by default, does it mean if I do set 
safe_mode_gid then users will be able to exec other Plesk users' cgi-bin 
scripts etc. because of GIDs being equal??


Safe mode has _got_ to be there for some good reason.

Thanks in advance for any tips.

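The question in the original post, worked as an added example (not part of the thread, and not PHP's or Plesk's code): a small Python model of the documented safe mode owner comparison, relaxed by safe_mode_gid, combined with a per-site open_basedir check. The UIDs, the numeric GID, the vhost paths and all function names are constructed assumptions, and symlink resolution is not modelled.

```python
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class Owned:
    path: str
    uid: int
    gid: int

def owner_check(script, target, safe_mode_gid):
    """Safe mode's test: owner of the running script vs. owner of the target file."""
    if script.uid == target.uid:
        return True
    # safe_mode_gid=On relaxes the comparison from UID to GID
    return safe_mode_gid and script.gid == target.gid

def in_basedir(path, basedirs):
    """Simplified open_basedir: the normalised path must sit under an allowed tree."""
    real = posixpath.normpath(path)          # collapses "..", does not follow symlinks
    for base in map(posixpath.normpath, basedirs):
        if real == base or real.startswith(base + "/"):
            return True
    return False

def php_allows(script, target, safe_mode_gid, basedirs=None):
    """Both restrictions must pass; basedirs=None means open_basedir is unset."""
    if basedirs is not None and not in_basedir(target.path, basedirs):
        return False
    return owner_check(script, target, safe_mode_gid)

# Constructed sample data: two customers sharing one GID, as in the post.
PSACLN = 2524                                # hypothetical numeric GID for psacln
A, B = "/var/www/vhosts/a.example", "/var/www/vhosts/b.example"
script_a = Owned(A + "/httpdocs/index.php", 10001, PSACLN)
file_a = Owned(A + "/httpdocs/data/cache.txt", 10001, PSACLN)
file_b = Owned(B + "/httpdocs/data/cache.txt", 10002, PSACLN)
via_dotdot = Owned(A + "/httpdocs/../../b.example/httpdocs/data/cache.txt", 10002, PSACLN)
apache_made = Owned(A + "/httpdocs/data/upload.txt", 48, 48)  # created by the Apache UID

def scenarios():
    return {
        "uid_check_other_customer": php_allows(script_a, file_b, False),
        "gid_check_other_customer_no_basedir": php_allows(script_a, file_b, True),
        "gid_check_other_customer_basedir": php_allows(script_a, file_b, True, [A]),
        "gid_check_dotdot_path_basedir": php_allows(script_a, via_dotdot, True, [A]),
        "gid_check_own_file_basedir": php_allows(script_a, file_a, True, [A]),
        "gid_check_apache_created_file": php_allows(script_a, apache_made, True, [A]),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name:40s} {'allowed' if allowed else 'denied'}")
```

In this model the shared GID lets another customer's file pass the ownership test, and only the per-site open_basedir rejects it; a file created by the Apache UID with Apache's own GID still fails the relaxed check.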