opendir() in SAFE MODE

Jonathan_Beni

grrrrr.....

I'm trying in vain to figure out this SAFE MODE thing..

Here is a silly script that I'm running to test opendir()
I keep getting
"SAFE MODE Restriction in effect. The script whose uid is 10241 is not allowed to access /usr/local/4admin/apache/vhosts/my-site.com/httpdocs/images/11 owned by uid 2527 in /usr/local/4admin/apache/vhosts/my-site.com/httpdocs/open.php on line 7"

<?php
if(!(mkdir("/usr/local/4admin/apache/vhosts/my-site.com/httpdocs/images/11", 0777))){
	echo "couldn't create directory <br>";
}else{
	chmod( "/usr/local/4admin/apache/vhosts/my-site.com/httpdocs/images/11", 0777);
}
if (!($open = opendir("/usr/local/4admin/apache/vhosts/my-site.com/httpdocs/images/11"))){		
	echo "failed";
}else{
	echo "OK";
}
?>

Now, the directory IS created, but the script can't open it.

Any suggestions would be greatly appreciated!

weekender

from the php manual page on safe mode;

When safe_mode is on, PHP checks to see if the owner of the current script matches the owner of the file to be operated on by a file function.

results in this error when safe mode is enabled:

Warning: SAFE MODE Restriction in effect. The script whose uid is 500 is not
allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2

so it looks like mkdir is allowed even when safe mode is on, but you can only access the directory if the script owner matches the directory owner

BUT you can set the safe_mode_gid php.ini directive to on, which relaxes the checking, so that the script owners' GID (group id) not UID (user id) has to match the gid of the directory owner - and this has a greater chance of matching.

The safe_mode_gid directive can only be set in php.ini or apache httpd.conf

adam

Jonathan_Beni

Thanks Adam.
The problem is that the server settings are enforced by the host, and I cannot change those, even locally.

Any workarounds?

weekender

not that i know, i'm afraid. I think that safe mode was implemented on the requirement that it would 'lock down' a server, to prevent any code that might affect the system, and so I don't think there's a work around.

If your host is sticking to safe mode, they sound pretty crappy as this really does limit php for anything but basic tasks. Change host maybe?

adam

Jonathan_Beni

I might have to do that.
Unless someone else has any ideas?