All geek questions in one place

Bypass PHP safe mode for writing to the server. Is it possible?

I had the following problem, since the safe mode is enabled on the server, and directories are created by different users:

  • I upload my script to the server, it appears as belonging to "user1". All he does is create a new directory when creating a new user so that he can store files in it.
  • A new directory has been created, but it belongs to the user "apache".
  • 'user1' and 'apache' are different users; and safe mode is enabled. Thus, php script cannot write to this newly created directory.
  • Now I have a problem!

One solution is to disable safe mode. In addition, a colleague suggested that there are settings that can be changed to ensure that directories are under the same username as the script. Therefore, I look to see if the latter can be done.

But I have to ask. Is there a software solution for my problem?

I tend to "no" because safe mode was implemented to solve it at the php level. Also, the actual problem may seem that the directory is being created by another user, so a software fix can be just a range fix.

+2
source share
3 answers

I used this workaround:

instead of php mkdir, you can create FTP directories with the proper permissions.

function FtpMkdir($path, $newDir) { $path = 'mainwebsite_html/'.$path; $server='ftp.myserver.com'; // ftp server $connection = ftp_connect($server); // connection // login to ftp server $user = " user@myserver.com "; $pass = "password"; $result = ftp_login($connection, $user, $pass); // check if connection was made if ((!$connection) || (!$result)) { return false; exit(); } else { ftp_chdir($connection, $path); // go to destination dir if(ftp_mkdir($connection, $newDir)) { // create directory ftp_site($connection, "CHMOD 777 $newDir") or die("FTP SITE CMD failed."); return $newDir; } else { return false; } ftp_close($connection); // close connection } }
+4
source

Perhaps you can disable safe mode for a specific directory through a .htaccess file (if on Apache).

 php_value safe_mode = Off

You may need your hosting provider to make changes for you, though in httpd.conf.

0
source

I had some success in setting the group bit of the boot directory to sticky. PHP can then create directories in it and write to it.

http://en.wikipedia.org/wiki/Setuid#setuid_and_setgid_on_directories

chmod g + s directory

0
source

Source: https://habr.com/ru/post/1338260/

More articles:


All Articles