[TriLUG] PHP, Safe Mode, & PEAR

Scott Lundgren trilug at capitalfellow.com
Wed Jul 13 16:41:34 EDT 2005 

Hey guys

I've been beating my head against a config issues in php.ini (PHP 
5.0.4) and maybe someone can help with what I'm not doing.

In my php.ini I've enabled:

safe_mode = On
safe_mode_gid = On
safe_mode_include_dir = /usr/local/php/lib/php
error_reporting = E_ALL
log_errors = On
error_log = /export/home/wsadmin/logs/php_error.log
include_path = "/usr/local/php/lib/php:."

 From the documentation (http://us2.php.net/features.safe-mode) 
safe_mode_include_dir:

UID/GID checks are bypassed when including files from this directory 
and its subdirectories (directory must also be in include_path  or full 
path must including).
The restriction specified is actually a prefix, not a directory name. 
This means that "safe_mode_include_dir = /dir/incl" also allows access 
to "/dir/include" and "/dir/incls" if they exist. When you want to 
restrict access to only the specified directory, end with a slash.

Since my setting for safe_mode_include_dir doesn't end in a /, I 
thought because the path in safe_mode_include_dir would match against 
what's in include_path meaning all the subdirectories (ie: individual 
PEAR packages) of my include_path would be excluded from the checks. 
But I'm finding that's not the case when a simple test script calls the 
PEAR component Form (located at /usr/local/php/lib/php/HTML/Form.php) i 
have the following errors:

[13-Jul-2005 16:26:22] PHP Warning:  main() [<a 
href='function.main'>function.main</a>]: SAFE MODE Restriction in 
effect.  The script whose uid/gid is 107/10 is not allowed to access 
/usr/local/php/lib/php/HTML/Form.php owned by uid/gid 0/1 in 
/export/home/selundgr/public_html/formtest.php on line 2
[13-Jul-2005 16:26:22] PHP Warning:  main(HTML/Form.php) [<a 
href='function.main'>function.main</a>]: failed to open stream: No such 
file or directory in /export/home/selundgr/public_html/formtest.php on 
line 2
[13-Jul-2005 16:26:22] PHP Fatal error:  main() [<a 
href='function.require'>function.require</a>]: Failed opening required 
'HTML/Form.php' (include_path='/usr/local/php/lib/php:.') in 
/export/home/selundgr/public_html/formtest.php on line 2

thanks,
SL

More information about the TriLUG mailing list