|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #36532 session.save_path and safe_mode
Submitted: 2006-02-26 03:11 UTC Modified: 2006-03-07 01:00 UTC
Avg. Score:4.0 ± 1.2
Reproduced:4 of 4 (100.0%)
Same Version:4 (100.0%)
Same OS:2 (50.0%)
From: amicka at gmail dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.4.2 OS: FreeBSD 4.11
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: amicka at gmail dot com
New email:
PHP Version: OS:


 [2006-02-26 03:11 UTC] amicka at gmail dot com
We are using mod_php and providing per-site configuration directives in httpd.conf

I am testing with a phpinfo() file, owned by uid/gid 1000/1000

When safe_mode is enabled, we receive the following error:

PHP Warning:  Unknown(): SAFE MODE Restriction in effect.  The script whose uid/gid is 0/0 is not allowed to access /www/ owned by uid/gid 1000/1000 in Unknown on line 0

PHP Warning:  Unknown(): open(/tmp/sess_659835e0c801f8cfcf46c1740c026d08, O_RDWR) failed: Permission denied (13) in Unknown on line 0

PHP Warning:  Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

*  Because my info.php file is owned by uid=1000, the "script whose uid/gid is 0/0" error SHOULD NOT APPEAR.  It is erroneously using 0/0 for its checks

*  Because /www/ is in my safe_mode_include_dir path, the above error shouldn't apply anyway

*  Because my session.save_path is /www/ , it SHOUD NOT be attempting to write to /tmp

My current workaround is to chown /www/ to 0:0, which is preferable in my environment.  But this still indicates a bug.

php.ini is similar to the ini-recommended file, plus safe_mode = On

Per-site overrides:

<VirtualHost *:80>
  DocumentRoot /www/
  SetEnv PHPRC /www/
  php_admin_value doc_root /www/

<Directory /www/virtual/>
  php_admin_value session.save_path "/www/"
  php_admin_value upload_tmp_dir "/www/"
  php_admin_value safe_mode_include_dir "/www/lib/:/www/sharedlib/:/www/"
  php_admin_value open_basedir /www/lib/:/www/


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-02-27 08:54 UTC]
What Server API are you using?
 [2006-02-27 09:43 UTC] amicka at gmail dot com
Apache 2.0  (2.0.55)
 [2006-02-27 09:54 UTC]
Can you try it with Apache 1.3.x ?
And I'd appreciate if you try to reproduce it with PHP 5.1 either.
 [2006-03-07 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2006-06-01 09:19 UTC] lars at erhardsen dot dk
I'm experiencing the same with 4.4.2 on linux 2.4.27 - and these random errors started when I upgraded from 4.3.11 (not entirely sure about the version)
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Fri Sep 22 22:01:24 2023 UTC