[BlueOnyx:03117] Re: php error

Stephanie Sullivan ses at aviaweb.com
Wed Dec 16 10:12:34 -05 2009 

There are two things to consider:
	1) in php.ini - is safe mode on? I go with yes.
	2) in php.ini - is safe mode gid on? I'd bet no and suggest turning
it on.

With php includes in safe_mode the owner of the including script must be the
same as the script being included. If not, no joy.

Safe mode gid tells php to use the group rather than the owner as the basis.
So, files of different owners than the calling php file can load those files
with an include.

Generally, you should be able to include any file within your web root
unless php is very wrongly configured.

Some other posts (from days ago I think) spoke about not being able to exec
within safemode. As I recall exec was disabled in the BX config by default.
If safemode is enabled then so will safe_mode exec dir. If you define it and
enable exec it will only execute the images you put into the specified
directory (links to allowable executables are OK there too). This provides a
great deal of control over allowable executables; maintaining security when
used judiciously.

Here are some safe mode controls from my php.ini

safe_mode = On
safe_mode_gid = On
; setup the pear library as a valid include dir, in addition to all files
under the web root
; there can be multiple directories listed with a (as I recall) comma
seperated list.
safe_mode_include_dir = "/usr/local/share/pear/"
; When safe_mode is on, only executables located in the safe_mode_exec_dir
; These can be links to executabled in /bin
safe_mode_exec_dir = "/home/phpexec/"

I hope this helps someone.

	-Stephanie

> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-
> bounces at blueonyx.it] On Behalf Of Michael Stauber
> Sent: Wednesday, December 16, 2009 3:15 AM> To: BlueOnyx General Mailing
List
> Subject: [BlueOnyx:03115] Re: php error
> 
> Hi Tony,
> 
> > Still looking for any help about this error:
> 
> For starters I'd run this:
> 
> chown apache:site34 -R  /home/.sites/58/site34/web
> 
> That chowns all files and folders in /web of site34 to the same UID
> and GID.
> That usually takes care of all the safemode related include problems.
> 
> Drawback: You (or the siteAdmin) won't be able to upload files to
> that folder
> through FTP.
> 
> Benefit: If the PHP script(s) need to generate files and folders,
> they now
> can. And it won't create additional safemode problems either.
> 
> Next I'd check this error message:
> 
> >>> Operation not permitted in
> >>> /home/.sites/58/site34/web/index.php on line 3
> 
> What does line 3 in that index.php actually do?
> 
> --
> With best regards
> 
> Michael Stauber
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list