
safe_mode weirdness creating files...


rfox
02-24-2000, 11:23 AM
Hi,

I have a PHP application that writes config files and directories to disk. This system was developed on another host and recently transferred to FQ. I have noticed since the transfer that when I invoke the functionality to do the following:
     create a directory
     write a file into that directory (fopen, fputs, etc.)
that the operation invariably fails with the following:

"Warning: SAFE MODE Restriction in effect. The script whose uid is 42469 is not allowed to access conf/chix/sbg/site.conf owned by uid 98"

What's happening is that the directory is created successfully with the uid of the apache process; however, when the fopen, fputs functions execute, they apparently execute with the uid of my username. (Furthermore, the directory that is created by the apache process is only writeable by the owner, so I can't interact with it, which is normally not a problem since all interactivity in these directories is handled by the "app" that I have created... assuming of course that the app *can* interact with the directories, which it apparently cannot.)

Naturally I can add lines that chmod the new directory so that it is writeable by group and world; however, I find it weird that these two similar operations run under different uids.
Will I *need* to add chmod functionality to the directory creation algorithms? --or is something else amiss?

Rich.

Justin
02-24-2000, 11:46 AM
I personally try to use PHP mostly for MySQL work, leaving the file system stuff to Perl - the SAFE_MODE restrictions are tricky to work around. Here is the basic rundown:

PHP runs as user apache. Since user apache has access to each person's domain space, PHP's SAFE_MODE prevents PHP from having access to others' domains. Before PHP will read/write a file, it must pass the following:

Does user apache have permission to perform this?
Does the user running this (eg, you) have permission to perform this?

Apache obviously has to be able to perform the function, but PHP itself also requires that you would have that ability as well - so the permissions are doubled, in that both you and apache must have permission.

Working around this is tricky - what I do is make sure to create any directories that PHP needs manually, rather than letting PHP do it - though this is not always possible. If it's not possible, I have not yet found a way around the situation :(

I do really like PHP, especially for MySQL work - but the above situation does make it difficult to take PHP seriously... though the problem is not in PHP itself, but rather in the SAFE_MODE operation, and in the fact that it is run as user apache - in other words, you would have the same issues with mod_perl, for example...

I hope this helps to shed some light...

------------------
Justin Nelson
FutureQuest (http://www.FutureQuest.net/index.php) Support

rfox
02-24-2000, 12:35 PM
Hi,

No, this doesn't help.
The real problem is that the mkdir line:

     mkdir("my/new/directory",0777);

is not being executed as it is written. That is, it's creating the directory, but not with ugo+rwx perms as specified (--should probably be ugo+rw instead).

Furthermore, the app sees that the directory creation function is not returning an error, even though it is 'malfunctioning' and proceeds with the rest of the program.

Why would it ignore my specifications of the file perms when creating this directory? I don't believe that I specified them incorrectly...

There is no possibility that this stuff can be done manually.

We developed the system this way (1 language, filesystem based, no binary dbs) so that we would have the greatest portability. Funny, our first port, and it doesn't work at all. This is not even remotely close to good.

Rich.
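
Added example, not part of the thread and not any poster's code: a PHP diagnostic for the two behaviours discussed above. PHP's mkdir() applies the process umask to the requested mode, and the safe_mode warning quoted in the first post compares the uid that owns the script with the uid that owns the target. The function name diagnose_mkdir and the temp-directory name are constructed for illustration.

```php
<?php
// Added example, not from the thread; the directory name below is constructed.

/**
 * Create $dir with the requested mode, then report the mode that was
 * actually applied and the two uids named in the safe_mode warning.
 */
function diagnose_mkdir(string $dir, int $requested): array
{
    $umask = umask();                 // no argument: read the umask, change nothing
    if (!mkdir($dir, $requested)) {
        throw new RuntimeException("mkdir failed for $dir");
    }
    clearstatcache(true, $dir);       // make sure we read fresh stat data
    $dirOwner    = fileowner($dir);   // uid of the process that created the directory
    $scriptOwner = getmyuid();        // uid that owns this .php file

    return [
        'requested'    => $requested,
        'umask'        => $umask,
        'expected'     => $requested & ~$umask, // mode after the umask is applied
        'actual'       => fileperms($dir) & 0777,
        'dir_owner'    => $dirOwner,
        'script_owner' => $scriptOwner,
        // The warning in the first post names exactly these two uids.
        'owner_match'  => $dirOwner === $scriptOwner,
    ];
}

// Constructed sample run in the system temp directory.
$dir = sys_get_temp_dir() . '/safe_mode_demo_' . getmypid();
$r = diagnose_mkdir($dir, 0777);
rmdir($dir);

printf("requested %04o, umask %04o -> expected %04o, actual %04o\n",
    $r['requested'], $r['umask'], $r['expected'], $r['actual']);
printf("directory owner uid %d, script owner uid %d, match: %s\n",
    $r['dir_owner'], $r['script_owner'], $r['owner_match'] ? 'yes' : 'no');
```

Run under the web server rather than the CLI, a mismatch between the two uids reproduces the condition named in the warning; mkdir() returning true while the mode differs from the one requested is the umask at work, not an error.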

Justin
02-25-2000, 01:01 AM
You have to realize that the issues here are with PHP itself - which is why I noted that I prefer Perl, a much more predictable language, for file system work. The fact that your first port didn't work shows that PHP has issues -- considering that there are a lot of differences with each platform for PHP (Win32 vs Unix), and even major differences in implementation (mod_php vs CGI)...

I would suggest contacting the authors of PHP, or getting in on their various mailing lists, to see if there is a known work-around - or even pointing the bugs out. I'm sure the developers probably do not use SAFE_MODE much themselves, and they might not be aware of the problems...

Hope this helps.
------------------
Justin Nelson
FutureQuest (http://www.FutureQuest.net/index.php) Support

rfox
02-27-2000, 10:47 AM
Hi,

Actually it does help. I don't mean to imply that this is a FutureQuest issue if it came across that way.
I do mean that I am frustrated. (!)
The Perl suggestion sounds like it's right on--so I have my head in it now.

Thanks,
Rich.