470,833 Members | 1,382 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,833 developers. It's quick & easy.

Rights issue / safe mode PHP

(Suse 9.0, Apache 2.048, PHP 4.3.3 - all default install from SuSe ISO)

I have in my wwwroot folder (/srv/www/htdocs) a folder called counters.
I have embedded a page counter script into several of the webpages I
wrote/maintain.

ls -lias for htdocs, and below the one for htodocs/counters
5197 1 drwxr-xr-x 8 pjotr root 480 Aug 1 09:36
htdocs
131618 2 drwxrwxrwx 2 pjotr users 1592 Aug 3 17:23
counters

If I run the counter.php script from a browser (embedded) the counter txt
file is owned by the web server process:
131651 4 -rw-r--r-- 1 wwwrun www 2 Aug 3 13:41
test.counter.txt

If I removed the rxw rights for other on counters, the script fails. So far
I get it, since wwwrun is not in group users.
But then i though, why not change ownership of counters to wwwrun, group to
www and remove rxw for all others.

So I gett
131618 2 drwxrwxrwx 2 wwwrun www 1592 Aug 3 17:23
counters

But even before removing rwx for others I get the following error when
running the counter script:
Warning: fopen(): SAFE MODE Restriction in effect. The script whose uid is
500 is not allowed to access /srv/www/htdocs/counters owned by uid 30 in
/srv/www/htdocs/counter.php on line 26

Tempting as it is to disable SAFE MODE I know that is probably not good
practice. What am I missing here ? I just don't get this.
Peraps my entire security setup is not good for this server. Do I have to
change ownership of the higher directories as well ?
I am not too happy about a directory writable and executable to all the
world. I can hardly imagine that is safe practice.
So any help appreciated.

TIA
Pjotr
Jul 17 '05 #1
0 1456

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Giobibo | last post: by
reply views Thread by Yemi | last post: by
3 posts views Thread by Jeremy Shovan | last post: by
2 posts views Thread by Paul Schmidinger | last post: by
reply views Thread by Zuel | last post: by
2 posts views Thread by Joseph S. | last post: by
8 posts views Thread by Gary Nastrasio | last post: by
5 posts views Thread by rdlowrey | last post: by
7 posts views Thread by bvdp | last post: by
reply views Thread by mihailmihai484 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.