[2002-06-04 06:17 UTC] fontajos at phpeppershop dot org
In the PHP manual (http://www.php.net/manual/en/features.safe-mode.php) the safe mode is described as follows. PHP should compare the UID of the script's owner to the UID of the file on which the script intends to operate. If the UIDs differ, the access to the file is denied.

If you test the following script, assuming you have a file called text.txt (file and directory properties not 0666!) in the same directory where the script is, it should work according to the PHP manual's description, but it doesn't. (You can execute the following script on our server to see exactly the same result that I got here: http://phpserver.zhwin.ch/~fontajos/test/test2.php )

-------------
<?php
echo("<h1>Safe Mode bug</h1><br><br>"); // title
clearstatcache();

echo ("<u>Script</u><br>");
echo ("This script's UID = ".getmyuid()." and GID = ".getmygid()."<br>");
echo ("The current user of this script is: ".get_current_user()."<br><br>");

echo ("<u>File</u><br>");
echo ("./text.txt's UID = ".fileowner("text.txt")."<br>");
$posix_array = posix_getpwuid(fileowner("text.txt"));
echo ("./text.txt's owner = ".$posix_array['name']."<br>");

// Some more file info
if (file_exists("text.txt")) {
    echo ("File text.txt exists in this folder!<br>");
}
if (is_readable("text.txt")) {
    echo ("File text.txt is readable!<br>");
}
if (is_writeable("text.txt")) {
    echo("File text.txt is writeable!<br><br>");
} else {
    echo ("File text.txt is <b>not writeable</b>!<br><br>");
}

/* Try an operation which does not work although it should */
chmod ("text.txt", 0666);
$fp = fopen ("text.txt", "r+");
fclose($fp);
chmod ("text.txt", 0644);
?>
--------------

To reproduce this behaviour, I used the following PHP configuration: http://phpserver.zhwin.ch/~fontajos/phpinfo.php

Since most of the providers enable the Safe Mode, it is really annoying that we currently need to give the directory and the specific file the file attributes 0666 to access them with enabled Safe Mode.
Best Regards
Jose Fontanil

Thank you for the quick reply. You write that PHP does the following comparison:

fileowner("test2.php") == fileowner("text.txt");

I tried this within a new script, and both test2.php and text.txt do have the same UID.

Test:
<?php echo (fileowner("test3.php")." = ".fileowner("text.txt")); ?>

(You can run this script here:

But it still isn't possible to write to this file or use chmod as mentioned in the PHP manual (http://www.php.net/manual/en/features.safe-mode.php).

Sorry, I made a mistake in my response. getmyuid() actually DOES give you the owner of the script, not the user which is running the script. We are looking in the wrong direction here...

The error you get is not from safe-mode. Like you have shown with fileowner("test2.php") == fileowner("text.txt"), the restrictions for safe-mode are met. It is the normal UN*X file-access checks that prevent you from writing to the file. As you can see from

-rwxr-xr-x 1 fontajos users 29 Mai 3 07:17 text.txt

the file may only be opened for writing by user fontajos. Group users and the rest of the users can only open it for reading and executing (which is a bit strange for a text file). The user your webserver runs as obviously is not user fontajos, so it cannot write to the file.

The solution is to change the access restrictions of the file in a way that the webserver can open it for writing. The easiest way is to give _everybody_ write access to the file (chmod a+w file.txt), but that is not very safe. If your system supports ACLs, using them would be a much better option. The best thing to do is to ask your ISP/sysadmin/guru what the best option is for the webserver you are using.
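
The distinction drawn in the last reply, as an added example that is not part of the original thread or of PHP's own code: the script below reports the owner comparison and the ordinary UNIX write check separately, so it is clear which of the two denies access. The helper names permission_class() and posix_write_allowed() and the default path are assumptions made for illustration; ACLs and directory permissions are not modelled.

```php
<?php
// Added example (not from the thread): separates the script-owner comparison
// from the kernel's mode-bit check for the user PHP actually runs as.

// Which permission class the kernel applies to a process for this file.
function permission_class(int $fileUid, int $fileGid, int $euid, array $gids): string
{
    if ($euid === $fileUid) {
        return 'owner';
    }
    return in_array($fileGid, $gids, true) ? 'group' : 'other';
}

// True if the write bit is set for that class (uid 0 bypasses mode bits).
function posix_write_allowed(int $mode, string $class, int $euid): bool
{
    $bit = ['owner' => 0200, 'group' => 0020, 'other' => 0002][$class];
    return $euid === 0 || ($mode & $bit) !== 0;
}

$path = $argv[1] ?? 'text.txt';   // assumption: default file name from the report
clearstatcache();
if (!file_exists($path)) {
    exit("$path not found\n");
}

$scriptUid = getmyuid();          // owner of this script file
$euid      = posix_geteuid();     // user the PHP process actually runs as
$gids      = array_merge([posix_getegid()], posix_getgroups() ?: []);
$fileUid   = fileowner($path);
$mode      = fileperms($path) & 0777;
$class     = permission_class($fileUid, filegroup($path), $euid, $gids);
$user      = posix_getpwuid($euid)['name'] ?? '?';

printf("script owner uid : %d\n", $scriptUid);
printf("process euid     : %d (%s)\n", $euid, $user);
printf("file owner uid   : %d, mode %04o\n", $fileUid, $mode);
printf("owner comparison : %s\n", $scriptUid === $fileUid ? 'match' : 'differ');
printf("kernel uses the '%s' bits: write %s\n", $class,
    posix_write_allowed($mode, $class, $euid) ? 'allowed' : 'denied');
```

Request it through the web server (wrapped in `<pre>`) rather than running it from the CLI, so that posix_geteuid() reports the web server's user. For a file like the one listed above (mode 0755, owned by the script's owner), the owner comparison matches while the write is denied for any process that is not the owner.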