PHP Safe Mode, Problems, and Workarounds


  • Applies to: Grid
    • Difficulty: Medium
    • Time Needed: 20
    • Tools Required: SSH, vi knowledge
  • Applies to: All DV
    • Difficulty: Easy
    • Time Needed: 10
    • Tools Required: SSH, vi knowledge

Overview

This article is about PHP Safe Mode, Security, and Safe Mode Workarounds.

Default Settings

Safe Mode is off by default.

Security

Safe Mode does a user check on files that are opened by a process. By default, the users of the file and the process need to match. For more information, see the following.

Possible Limitations

Safe Mode user restrictions can interfere with the intended functioning of your PHP files. If you are using a third-party script or application, you should check its technical requirements for the necessary Safe Mode setting.

Some of the major limitations of Safe Mode include the following.

  • PHP File Uploads: By default, PHP runs as FastCGI on the Grid. File uploads are always as the Server Administrator. Generally, errors only occur in regards to file size and possibly directory permissions. Ensuring directory permissions are set to 755 will avoid these errors.
  • PHP File Uploads: On the DV server, the webserver runs as the Apache user. So, all files that are uploaded via PHP are owned by Apache. This may cause ownership problems for many users.

    Disabling Safe Mode may not be enough to get around this problem. You may also try running Apache as FastCGI on your DV, resolving Apache permission errors.

  • File Modifications: Moving, copying, and changing ownership and permissions of files can only be done when they are owned by the administrative user.
  • System Commands: PHP scripts cannot use the exec( ) and system( ) functions, which means that shell commands cannot be run from within a PHP script.

Many "ready-made" PHP scripts, such as Gallery or ***NUKE, use the system() function to copy files. If your script does not work as anticipated, it is possible that it uses an unsupported safe mode command.

Enabling Safe Mode and Workarounds

You can add the following line to your php.ini file.

Filename: php.ini

safe_mode = On

Safe Mode can be turned on globally using the php.ini as described above, or on a per-site basis.

Test

You can verify that safe mode is off/on by viewing your phpinfo.php page.