Safe Mode restriction appear on an updated server.

By cx42net on 19 Feb 2009 at 14:26 UTC

Hello !
I'll try to explain the best as I can :)

I run Drupal for one of my websites since two month, on my server.
This server runs Debian Etch (4), and everything worked fine.

Recently, I had a big problem on my server, and I had to reinstall all the OS. I switched to the new version of Debian, Lenny (5).
Before formatting my server, I downloaded all the important files : /var/www, /var/lib, /etc, /root, etc.

After the re-installation complete, I set up my environnement like it was before, with the sames rights, config files (I checked line by line the differences from the new one with the old one (using diff)). Php is the SAME file as before.
For Php, I always had safe mode switched to ON and open_basedir = /var/www/:/tmp/;

But since the reinstall, Drupal shows me an error, about safe mode :
warning: realpath() [function.realpath]: SAFE MODE Restriction in effect. The script whose uid is 33 is not allowed to access /tmp owned by uid 0 in /var/www/website/www/includes/file.inc on line 757.

This errors occurs on line 757 but also on line 191 and 194. Its when the function realpath is used for "/tmp" (realpath ($directory) with $directory = "/tmp";).

But /tmp is on chmod 777 and allowed by open_basedir rules in php.ini !

I don't know what is wrong !

All the rights where preserved, everything else work fine.
I also have Wordpress for my blog, and everything is ok with it, no problem found. I tried to upload a file, and I succeed it.

So I guess the problem is from Drupal, but I don't know where or how.

Could you help me please ?

Thank you !

/var/www/fcpe90/www/sites/default/files/tmp

Comments

I am a bit surprised that you

cog.rusty commented 19 February 2009 at 15:02

I am a bit surprised that you didn't have problems with safe mode before, with uploads, color schemes etc.

Anyway, it is a problem of file ownership, not just permissions. For safe mode to work, the owner of /tmp must be the same as the owner of Drupal's index.php file.

Or. create your own temp directory under Drupal, owned by the user account which uploaded Drupal, and allow the web server to write in it. Then specify that new temp directory in the admin/settings/file-system page.

--------- Edited to add:
Also check who is the owner of the directory specified in php.ini for upload_tmp_dir

"I am a bit surprised that

cx42net commented 19 February 2009 at 16:05

"I am a bit surprised that you didn't have problems with safe mode before, with uploads, color schemes etc."
=> Yeah, me too !

"Anyway, it is a problem of file ownership, not just permissions. For safe mode to work, the owner of /tmp must be the same as the owner of Drupal's index.php file."
==> But /tmp always worked without having the same owner permission of Drupal's index.php file ?? Its a particularity of Drupal ?

No, it is not a

cog.rusty commented 19 February 2009 at 16:11

No, it is not a particularity. In "safe mode" a script owned by someone can't write in a directory owned by someone else, even if the permissions were 777. For the same reason, Drupal can't even write in directories which it has created itself, because they are owned by apache.

Maybe /tmp was not used before, and some other temp directory owned by your user account was specified in PHP's uploads_tmp_dir and in Drupal's admin/settings/file-system page.

I forgot to mention : The

cx42net commented 19 February 2009 at 16:08

I forgot to mention :
The directive upload_tmp_dir is set to /tmp

Here is the rights for /tmp :
code>
drwxrwxrwt 4 root root 4096 fév 19 17:07 tmp

As you can see, anyone can read/write into tmp, that's why I don't understand the problem of Drupal

Change that to a directory

cog.rusty commented 19 February 2009 at 16:23

Change that to a directory which you own (I have one parallel to my public_html directory), and then give it permissions 777 so that apache can write in it.

Safe mode doesn't care about permissions. Only about the owner. With safe mode, no php script can write in /tmp, except if the script file has the same owner as /tmp. Permissions are only considered after that.

That said, you will always have problem, for example when Drupal creates temp subdirectories in which it will be unable to write. There are good reasons that "safe mode" has been kicked out of PHP 6.

I made a really basic upload

cx42net commented 19 February 2009 at 16:23

I made a really basic upload form to check if it's my php configuration that made problems or Drupal.
Here the result (var_dump of $_FILES and var_dump ( realpath ($_FILES['myfile']['tmp_name'])); ) :

<?php
var_dump ($_FILES);
// Output :
array(1) {
  ["myfile"]=>
  array(5) {
    ["name"]=> string(6) "05.jpg"
    ["type"]=> string(10) "image/jpeg"
    ["tmp_name"]=> string(14) "/tmp/phpaGgGLX"
    ["error"]=> int(0)
    ["size"]=> int(21374)
  }
}



var_dump ( realpath ($_FILES['myfile']['tmp_name']));
// Output :
string(14) "/tmp/phpaGgGLX"
?>

See ? No errors, and using /tmp !

The problem come from Drupal :s

I am not much of a developer.

cog.rusty commented 19 February 2009 at 16:27

I am not much of a developer. Rather a tinkerer. So I have to ask, does this mean that now you have a file stored in /tmp, which was created by a php script?

same issue

mattez commented 4 May 2009 at 12:49

My Solution...

mattez commented 4 May 2009 at 13:04

HI!
I had same issue. On one (old) server with SAFE MODE It works fine, on other (new) I was unable to setup tmp directory.
I discussed this with my server masta... He found that we missed setup SAFE MODE right way in PHP!
We had there only "safe_mode On". We forgot "safe_mode_gid On"!
IT WORKS FINE NOW!

:)) whoopee (4 me)