RE: SAFE MODE Restriction - mkdir()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm



On 25 November 2004 00:47, SED wrote:

> Then, shouldn't the owner be able to handle the new directory?
> 
> In my case, the owner creates the directory X but can't create a
> subdirectory inside the directory X! nor save a file into it!
> 
> Can you explain that?
> 
> Is the PHP not always running as the same user? Or is it base
> on type of the
> function?

It works like this:

(1) Script (owned by you) attempts to access original directory (owned by
you, presumably) -- ok.

(2) Script (owned by you, but running as Apache user) creates new
subdirectory (set to be owned by user *running* the script, i.e. Apache
user).

(3) Script (owned by you) attempts to access new subdirectory (owned by
Apache user) -- denied.

So, yes, you can create a directory which it is then impossible to access --
this is an unfortunate side-effect of safe mode when PHP runs as an Apache
module and hence as the Apache user.  This is why hosted services often use
chrooted jails with PHP as a CGI -- the individual copies of PHP then run
with the appropriate uids of the host usernames.

Cheers!

Mike

---------------------------------------------------------------------
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS,  LS6 3QS,  United Kingdom
Email: m.ford@xxxxxxxxxxxxxx
Tel: +44 113 283 2600 extn 4730      Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux