By Anonymous (not verified) on

I installed drupal 6.2 and everything seemed fine,there are no errors in reports,but when I go to Site configuration > File System I get the following error:

* warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid is 10028 is not allowed to access /var/www/vhosts/anydomain.gr/httpdocs/sites/default/files owned by uid 48 in /var/www/vhosts/anydomain.gr/httpdocs/includes/file.inc on line 129.
* warning: fopen(sites/default/files/.htaccess) [function.fopen]: failed to open stream: Success in /var/www/vhosts/anydomain.gr/httpdocs/includes/file.inc on line 129.
* Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your sites/default/files directory which contains the following lines:
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Options None
Options +FollowSymLinks
* The directory sites/default/files/tmp does not exist.

sites/default/files folder is owned by user apache group apache with permissions 775
I can't find any solution to this.I tried uploading .htaccess as instructed by ftp and changing permissions by I don't have a superuser account and anyway isn't this supposed to be created by drupal alone?What's going wrong?

Categories: Drupal 6.x

Comments

cog.rusty’s picture

cog.rusty commented

Bad luck. Your host has "safe mode" enabled. Usually only ISPs do that, not professional hosts.

http://php.net/features.safe-mode

It is not just a matter of permissions but a matter of ownership. With "safe mode" enabled, a script owned by you (Drupal) can't write in a directory owned by apache, no matter what the permissions are.

You could try this: Delete sites/default/files and sites/default/files/tmp (either with FTP if you are allowed, or with a small php script, or ask your host to delete them) and then, before letting Drupal create them again, create them yourself using FTP and set their permissions to 777. Only then go to admin/settings/file-system and try again.

Even if this works you will still need luck with other future modules creating directories...

Anonymous’s picture

Anonymous (not verified) commented

thanks!!

I was just looking at plesk configuration and I saw this: PHP 'safe_mode' on but if you had not told me I wouldn't know that's it.I guess I'll have to find a way to disable it since it calls it a mode there must be a non safe mode.Thanks again

daringtakers’s picture

daringtakers commented

Thanks, It solved my problem.

Servlet tutorials

mailking’s picture

mailking commented

My host hase the "safe mode" enabled as well. I could delete the folder and create is with the permissions set to 777. So to leave the permissions on 777 is ok for this folder? As long as the default folder above it has the permissions set for 775. Or do I understand it wrong?
Adventurous greetings,
Coen

Tigerboy’s picture

Tigerboy commented

However if you don't have your own server and the skill to set php up more securely then 0777 is fine just be very sure to update drupal as security updates come out. The /default folder can be made non-writable even though it is the root of /files. so you can leave /default set to 0755 and /files /777 (publicly writable) which improves security. To change folder permissions use the chmod command in an ssh link(available with programs like secureCRT or openSSH) chmod 0755 default (when you are in sites) will do the job. There are often php ssh clients provided by hosts if you don't have an ssh set up or know how to set it up. I strongly recommend not logging onto ssh via a password(in fact make that not possible) and using encryption keys with the most aggressive setting (explicit tls/ssl). You might be surprised to know that Filezilla provides this very well now. There are still some bugs but they have vastly improved things. I was using the firefox fireftp but then I was at a hotel that had a not great wireless connection and couldn't maintain things with my servers so I tried filezilla and boy it worked great even with a poor connection and with the most aggressive connection available. DO not fool around with security it will cost you dearly if not in money -- time. Hackers can also just set and read your emails etc without telling you. But it's very easy to be secure you just need to learn things or hire someone that knows how to setup and maintain linux servers.

lastly any host that requires you to run in safe mode is not worth bothering with. There are so many hosts out there. Just set up how much you are willing to pay every month and hunt around. Make sure you back up your work and never sign a contract with a host. Make sure you do not pre pay for hosting. Always have it so you pay after the fact and drop them in a heartbeat if they let the network go or force you to tell them when you are having problems as in the server goes down or becomes inaccessible. They should be watching their network. Too many bums in hosting, give them like 3 strikes but only after they've earned 3 strikes. If they mess up like making you stay in safemode bail out and get a decent host. Also many give a free month or refund if you quit in 30 days. lastly if you host in China even if the data center is in the USA be very careful unless you really know the people. They can be sweet as pie sounding. We had problems with them spying on some clients email-- who happened to have factories in Hong Kong. It was a govt thing and I just don't think that sort of thing is right.

sol1313’s picture

sol1313 commented

I had the same problem after changing the permissions by mistake. I change the permissions on the /sites/default/files folder to 777 and the error went away.

Hope that helps someone else!
Sol

adamhermsdorfer’s picture

adamhermsdorfer commented

I had a similar issue working locally and my solution was just to put the .htaccess file with the correct code in the the private folder.

uniyolu.com’s picture

uniyolu.com commented

this is a php compatibility problem. you should apply compatible Drupal version with your host's php version. :)

http://uniyolu.com

juanmadiaz’s picture

juanmadiaz commented

modify includes/file.inc file removing .htaccess period like following:

if ((file_directory_path() == $directory || file_directory_temp() == $directory) && !is_file("$directory/htaccess")) {
$htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";
if (($fp = fopen("$directory/htaccess", 'w')) && fputs($fp, $htaccess_lines)) {
fclose($fp);
chmod($directory .'/htaccess', 0664);
}

It works for me on Windows 2008 Server, I hope for you too.