basstscho
12.12.05, 11:40
Hallo zusammen,
auf meinem Webserver habe ich einige vhosts laufen. Doch leider bekomme ich den php safe_mode nicht aus...
Ich möchte es geren so haben, dass der safe_mode standartmäßig an ist, ich ihn aber bei einzelnen vhoss ausschalten kann.
Da ich das aber nicht hinbekommen habe, habe ich ihn auch mal in der php.ini ausgeschaltet. Bringt aber auch nichts (natürlich jedes mal den http restartet). Ich benutze Suse 9.3 und den Apache.
Hier mal meine configs:
php.ini
; Safe Mode
;
safe_mode = OFF
; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
safe_mode_gid = Off
; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
safe_mode_include_dir =
; When safe_mode is on, only executables located in the safe_mode_exec_dir
; will be allowed to be executed via the exec family of functions.
safe_mode_exec_dir =
; Setting certain environment variables may be a potential security breach.
; This directive contains a comma-delimited list of prefixes. In Safe Mode,
; the user may only alter environment variables whose names begin with the
; prefixes supplied here. By default, users will only be able to set
; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
;
; Note: If this directive is empty, PHP will let the user modify ANY
; environment variable!
safe_mode_allowed_env_vars = PHP_
; This directive contains a comma-delimited list of environment variables that
; the end user won't be able to change using putenv(). These variables will be
; protected even if safe_mode_allowed_env_vars is set to allow to change them.
safe_mode_protected_env_vars = LD_LIBRARY_PATH
und hier die vhosts:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName ****
DocumentRoot /drive/data/htdocs/****/html
SuexecUserGroup **** www
ScriptAlias /cgi-bin /drive/data/htdocs/****/cgi-bin
php_admin_value open_basedir /drive/data/htdocs/****
php_admin_value upload_tmp_dir /drive/data/htdocs/****/temp
php_admin_value session.save_path /drive/data/htdocs/****/temp
php_admin_value safe_mode off
CustomLog /var/log/apache2/****.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName gallery.****
DocumentRoot /drive/data/htdocs/gallery.****/html
SuexecUserGroup gallery.**** www
ScriptAlias /cgi-bin /drive/data/htdocs/gallery.****/cgi-bin
php_admin_value open_basedir /drive/data/htdocs/gallery.****
php_admin_value upload_tmp_dir /drive/data/htdocs/gallery.****/temp
php_admin_value session.save_path /drive/data/htdocs/gallery.****/temp
php_admin_value safe_mode on
CustomLog /var/log/apache2/gallery.****.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName gallery.****
DocumentRoot /drive/data/htdocs/gallery/html
SuexecUserGroup gallery www
ScriptAlias /cgi-bin /drive/data/htdocs/gallery/cgi-bin
php_admin_value open_basedir /drive/data/htdocs/gallery
php_admin_value upload_tmp_dir /drive/data/htdocs/gallery/temp
php_admin_value session.save_path /drive/data/htdocs/gallery/temp
php_admin_value safe_mode on
CustomLog /var/log/apache2/gallery.log combined
</VirtualHost>
Nun solte doch im obersten Vhost der Safe_mode off sein...bzw sollte er das doch bei allen sein, da in der php.ini das der sfae_mode auch deaktiviert ist...hab ich da jetzt was falsch?
PS: phpinfo() zeigt auch an, dass der safe_mode of ist. Ich kann aber keine Variable per Post übetragen und sie dann ohne $POST[] abrufen...
Danke jetzt schonmal für eurte Hilfe,
Grüße Johannes
auf meinem Webserver habe ich einige vhosts laufen. Doch leider bekomme ich den php safe_mode nicht aus...
Ich möchte es geren so haben, dass der safe_mode standartmäßig an ist, ich ihn aber bei einzelnen vhoss ausschalten kann.
Da ich das aber nicht hinbekommen habe, habe ich ihn auch mal in der php.ini ausgeschaltet. Bringt aber auch nichts (natürlich jedes mal den http restartet). Ich benutze Suse 9.3 und den Apache.
Hier mal meine configs:
php.ini
; Safe Mode
;
safe_mode = OFF
; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
safe_mode_gid = Off
; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
safe_mode_include_dir =
; When safe_mode is on, only executables located in the safe_mode_exec_dir
; will be allowed to be executed via the exec family of functions.
safe_mode_exec_dir =
; Setting certain environment variables may be a potential security breach.
; This directive contains a comma-delimited list of prefixes. In Safe Mode,
; the user may only alter environment variables whose names begin with the
; prefixes supplied here. By default, users will only be able to set
; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
;
; Note: If this directive is empty, PHP will let the user modify ANY
; environment variable!
safe_mode_allowed_env_vars = PHP_
; This directive contains a comma-delimited list of environment variables that
; the end user won't be able to change using putenv(). These variables will be
; protected even if safe_mode_allowed_env_vars is set to allow to change them.
safe_mode_protected_env_vars = LD_LIBRARY_PATH
und hier die vhosts:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName ****
DocumentRoot /drive/data/htdocs/****/html
SuexecUserGroup **** www
ScriptAlias /cgi-bin /drive/data/htdocs/****/cgi-bin
php_admin_value open_basedir /drive/data/htdocs/****
php_admin_value upload_tmp_dir /drive/data/htdocs/****/temp
php_admin_value session.save_path /drive/data/htdocs/****/temp
php_admin_value safe_mode off
CustomLog /var/log/apache2/****.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName gallery.****
DocumentRoot /drive/data/htdocs/gallery.****/html
SuexecUserGroup gallery.**** www
ScriptAlias /cgi-bin /drive/data/htdocs/gallery.****/cgi-bin
php_admin_value open_basedir /drive/data/htdocs/gallery.****
php_admin_value upload_tmp_dir /drive/data/htdocs/gallery.****/temp
php_admin_value session.save_path /drive/data/htdocs/gallery.****/temp
php_admin_value safe_mode on
CustomLog /var/log/apache2/gallery.****.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName gallery.****
DocumentRoot /drive/data/htdocs/gallery/html
SuexecUserGroup gallery www
ScriptAlias /cgi-bin /drive/data/htdocs/gallery/cgi-bin
php_admin_value open_basedir /drive/data/htdocs/gallery
php_admin_value upload_tmp_dir /drive/data/htdocs/gallery/temp
php_admin_value session.save_path /drive/data/htdocs/gallery/temp
php_admin_value safe_mode on
CustomLog /var/log/apache2/gallery.log combined
</VirtualHost>
Nun solte doch im obersten Vhost der Safe_mode off sein...bzw sollte er das doch bei allen sein, da in der php.ini das der sfae_mode auch deaktiviert ist...hab ich da jetzt was falsch?
PS: phpinfo() zeigt auch an, dass der safe_mode of ist. Ich kann aber keine Variable per Post übetragen und sie dann ohne $POST[] abrufen...
Danke jetzt schonmal für eurte Hilfe,
Grüße Johannes