Member Avatar for himerus

My question/issue is that I want to turn off PHP safe_mode on a new server... The server is running Ensim 3.5 Pro, and this is the 3rd ensim server I have from ev1servers.com...

The server is completely dedicated, and will NEVER host anyones site/sites but my own for a project among 4 partners.

I've turned off safe_mode for an entire server before, but have never really looked into the affects of this, and the potential problems this might cause.

According to http://us3.php.net/features.safe-mode, "The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now. "

To me, this sounds like using PHP safe mode is really only an issue for a Web Server running PHP with more than one user accessing the server, or running scripts on the server.

I know how to turn it off just by changing the httpd.conf from:

<IfDefine vwh_php4_module>
php_admin_flag safe_mode on
</IfDefine>

to

<IfDefine vwh_php4_module>
php_admin_flag safe_mode off
</IfDefine>

Can anyone think of any reasons this would EVER be an issue on a server that no one accessed, or ran scripts on other than myself/my partners???

I'm sure this could cause some debate, but I want opinions!!!! :D

  • 3 Contributors
  • 3 Replies
  • 240 Views
  • 2 Years Discussion Span
  • Latest Post Latest Post by vartotojas
Member Avatar for Neo

Unless your site is going to be public, I dont see any problem with it.

If it is open to the public then potential hacks could manipulate scripts on your site.. for example

[script on my site]
<?php
$file = fopen("http://www.yoursite.com/thescript.php","w+");
unlink($file);
fclose($file);
?>
[/script on my site]

Someting like that.. :o

Member Avatar for himerus

I've tried running a script sort of like the one you have posted, NEO, and I haven't been able to make it work...

I've ran it from several different servers, and pointed it to scripts on servers with safe mode on, and off.

I'd be interested to find a way to make sure it wasn't working, but from all my tests, I couldn't write to a file on any of my servers, and the default file properties only give write access to the owner, so with Apache running as nobody, it makes sense that it wouldn't work...

Any other thoughts/suggestions?! :)

Member Avatar for vartotojas

Don't be silly that'd never work.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.