I installed drupal 6.17 and also installed Greek language. As long as i have enabled as default English language there is no problem . When i switch to Greek language as default , i can see all the menu in Greek but i have some warnigs like:

* warning: tempnam() [function.tempnam]: Unable to access in /var/www/vhosts/*******.gr/httpdocs/includes/file.inc on line 787.
* warning: fopen() [function.fopen]: Filename cannot be empty in /var/www/vhosts/******.gr/httpdocs/includes/file.inc on line 788.
* Τhe file could not be created.
* warning: tempnam() [function.tempnam]: Unable to access in /var/www/vhosts/******.gr/httpdocs/includes/file.inc on line 787.
* warning: fopen() [function.fopen]: Filename cannot be empty in /var/www/vhosts/******.gr/httpdocs/includes/file.inc on line 788.
* Τhe file could not be created.

i played around by clicking some menus like
/admin/build
/admin/content
/admin/user
/admin/reports

and always the same warnigs apear.

when i click /admin/settings/file-system , i have this kind of warning:

* warning: tempnam() [function.tempnam]: Unable to access in /var/www/vhosts/******.gr/httpdocs/includes/file.inc on line 787.
* warning: fopen() [function.fopen]: Filename cannot be empty in /var/www/vhosts/******.gr/httpdocs/includes/file.inc on line 788.
* The file could not be created.
* warning: tempnam() [function.tempnam]: Unable to access in /var/www/vhosts/******.gr/httpdocs/includes/file.inc on line 787.
* warning: fopen() [function.fopen]: Filename cannot be empty in /var/www/vhosts/******.gr/httpdocs/includes/file.inc on line 788.
* Τhe file could not be created.
* warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid/gid is 10216/2524 is not allowed to access /var/www/vhosts/******.gr/httpdocs/sites/default/files owned by uid/gid 48/48 in /var/www/vhosts/******.gr/httpdocs/includes/file.inc on line 129.
* warning: fopen(sites/default/files/.htaccess) [function.fopen]: failed to open stream: Success in /var/www/vhosts/******.gr/httpdocs/includes/file.inc on line 129.
* Security warning: write file .htaccess was not possible. You must create a .htaccess file in folder sites/default/files which contains the following lines:
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Options None
Options +FollowSymLinks
* The folder sites/default/files/tmp does not exist.

NOTE: the warnings appear in Greek language so i had to translate them if that helps to show you.

Also , i tried to create a .htaccess file into the sites/default/files folder with filezilla but i got a "permission denied" .
Neither the tmp folder had any luck , same permission denied for that too.

I searched in google and i think it has to do with the .htaccess file in the root folder , and even i don't know very much my mind goes into that line

<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
  Order allow,deny
</FilesMatch>

but maybe i am wrong... Can someone help please?

Thanks a lot in advance

Comments

jhl.verona’s picture

You seem to have a file permissions problem.

I presume your site is running on Linux.

You should have the following permissions (check with Filezilla):

/sites - 755
  /default - 555
    /files - 755

Also you would be better off not running in SAFE MODE with Drupal. See http://drupal.org/requirements, the PHP section.

mourgos’s picture

thank you for your help also i really appreciate your quick answer

:)

cog.rusty’s picture

Your main problem is that PHP's safe mode is enabled on your server. That is a broken "security feature" which PHP used to have.
(see http://php.net/manual/en/features.safe-mode.php).

You will have serious problems with files and images as long as safe mode is enabled. Drupal won't be able to write in directories which you created with FTP, and you won't be able to use FTP in directories which Drupal created. It is a matter of file ownership, and no permissions can affect it.

The only solution is to disable safe mode.

mourgos’s picture

well , i got in contact with my server provider and i am waiting for reply. i guess in case they can't disable safe mode i will have to use another CMS , right?

cog.rusty’s picture

Any CMS would be fine as long as it doesn't upload files.

There are workarounds but they are too annoying. For example you could tell them to change the ownership of all drupal files so that they are owned by the Apache user account and not yours, and after that never use FTP.

It is a somehow ridiculous situation. Imagine for example that you create your "files" and "temp" directories yourself with FTP, so that you own them, and also chmod them to 777. Drupal can write in them because it is also owned by you. But because it writes the files as user apache, it won't be able to to modify the files which it wrote itself.

mourgos’s picture

so what is the purpose of having enabled the safe mode then? what's the goal of it?

by the way , my provider disabled the php safe mode and i was able to install from the beginning drupal 6.17 and create the /sites/default/files/tmp folder needed and now it seems everything is ok.

i noticed that a .htaccess file created automatically in that folder , and also another one folder created automatically called "languages"

May i ask why you mention about "Any CMS would be fine as long as it doesn't upload files." ?

What do you mean by that? you mean the users shouldn't upload files?

ohh almost forgot to say thank you for the help

:)

cog.rusty’s picture

Why they have it enabled... because it is called "safe" I guess. Most hosts don't. In the link above you can see that PHP itself suggests not to use it. (Also read the comments in that page.)

What the problem is: The kind of security that "safe mode" tries to provide at the expense of usability (isolation of user accounts) is something which the server must do with methods which cover all application and not only PHP. If a server has to rely on PHP to do that for itself, that probably means that the server is insecure in other ways.

The small .htaccess file which Drupal creates automatically disable PHP's handler, so that if someone somehow manages to upload a PHP script under those directories, it can't run.

The language directories under many modules are for .po files containing translations of the user interface, which then can be imported in the database after enabling the locale module.

The comment about "any CMS" meant that the safe mode problem affects any CMS which supports file uploads. Some CMSs have some elaborate hacks to bypass the problem and upload files, but none can be trouble-free if safe mode is enabled. Drupal core's position is to make no effort and to declare "safe mode" broken.

There is one case in which "safe mode" works fine: When the web server runs with suexec, and can write using the user's account and not its own account. Of course in that case "safe mode" is useless.

jhl.verona’s picture

But because it writes the files as user apache, it won't be able to to modify the files which it wrote itself.

Sounds almost like Signetics' Write only memory - the datasheet: http://www.national.com/rap/files/datasheet.pdf

marcin dębicki’s picture

Had the same problem. Change this in .htaccess

# RewriteBase /

to

RewriteBase /
labertasche’s picture

I had the same error messages after reinstalling a backup of my drupal site to the server.

In my case, the problem was that the path for temporary files didn't exist any more. So I had the choice either to create a temp directory with exactly the same name as before or go to admit / settings / filesystem and specify there the new path to save the temporary files.

Stomper’s picture

How can I tell whether I have PHP safe mode enabled?

I recently moved my site from a localhost to a live hosting on a VPS (I have root access) and had to change quite a few file permissions, seemed odd, never had such issues on my localhost. Could it be caused by PHP safe mode being enabled unbeknownst to me?

cog.rusty’s picture

Probably not, if you managed to solve it by changing only the file permissions. The problems caused by "safe mode" have to do with file ownership and can't be solved by changing only the file permissions.

Server configurations can be different, requiring different permissions.

In any case, you can check for safe mode by uploading and running a phpinfo script (see http://drupal.org/node/59680).

MHL-1’s picture

I also had this problem in a Drupal installation + Cs Language + safe_mode ON :

: in sites/default/files ... the sub-Dir '/languages' was missing
: I could solve it by MANUALLY creating the directory ( sites/default/files/languages )
+ copied (manually) the cs-Language file (from my Local installation)

: then Drupal wrote its own cs-Language file there and showed the Err.Message not any more

Hopefully this could Help anyone else who should experience the Troble in future agan.

MHL-1’s picture

Pls. try to create the sub-DIR /tmp manually (Permissions 0755) - it might HELP ...

eduarrulho’s picture

Resolvi renomeando o caminho. Retirei a barra (/) do caminho
Substituí /tmp por tmp
1 - /tmp (bad)
2 - tpm (ok)

Abraços!