[pmwiki-users] Turn Off Safe Mode
Sivakatirswami
katir at hindu.org
Wed Feb 7 14:44:40 CST 2007
Ian Barton wrote:
> It's possible that Plesk is enabling safe mode on a per virtual host
> basis. You might possibly be able to turn it off with an .htaccess
> directive.
>
> I think that the magic directive is (you may need to check the apache docs):
>
> php_value safe_mode "1"
>
> Ian.
Ian, Yes you are right on target... Resolved...read on...
PM: would it help to have a "Safe Mode Issues" page on PMwiki?
to document what happened here? I'm not sure where best to put this stuff
on Pmwiki...
Actually it was support for the data center that hosts our box
that fixed it.. I had to then turn around and ask them
"what did you do?" of course various
configurations will vary.. but it may still be helpful to document this.
So, FWIW: here goes (someone who is not timid about adding to PMwiki
could put this somewhere on pmwiki)
-----------------
!!! Turning Off Safe Mode On a Web Server
'''Context:''' (may vary a lot from one installation to another)
Web server running Apache on Fedora Core 3 (linux)
where the control panel "PLESK" is used to set up virtual domains.
-------
'''Problem:'''
Safe_mode is on and PMwiki cannot execute "mkdir" in a PMwiki
installation where
* groups are in folders and
* $WikiDir = new PageStore('wiki.d/{$Group}/{$FullName}'); is set in farmconfig.php (or local/config.php)
---------------
'''What "naive admin" did:'''
Using a phpinfo.php page would indicate that the primary init file is
located:
-> /etc/php.ini
I changed the setting to "safe_mode= off" in this /etc/php.ini file
and restarted the server.
----------
'''What happened:'''
Turning safe_mode = off in /etc/php.ini did not in fact
change safe mode to "off" in the virtual domain where PMwiki was running.
"mkdir" was still being blocked in a PMWiki installation where groups were
in folders and a wiki link to a non-existing group (which would require
PMwiki to create a new folder) continued to fail and return the
error message by PMwiki that you need to manually create a new
folder and set its permissions.
---------------
'''Solution:'''
PLESK generates a separate httpd include file for each virtual domain it
creates.
A typical installation will generate directories for each virtual
domain like this,
one for each domain:
->/var/www/vhosts/my.wiki.domain.org/httpdocs/
is a typical DOCROOT where you normally have your pmwiki installation.
typical default owner, group and permissions would be for
wiki.d and all folders and files therein:
* owner: '''mywikidomain''' (or whatever is set when the domain is created)
* group: '''psacln''' # a group name created by PLESK
* '''777''' for wiki.d and all subdirectories. (group folders).
But you will find another file, above the web content:
->/var/www/vhosts/my.wiki.domain.org/conf/httpd.include
which contains Apache directives specific to "my.wiki.domain.org"
In it you will see two directives pertaining to PHP, one for apache
and one for mod_php... in both of these, safe mode must
be set to off.. the nomenclature is not what you might
expect.
# for this one domain:
/conf/httpd.include
%code%
[snip]
<Directory /var/www/vhosts/wiki.hindu.org/httpdocs>
<IfModule sapi_apache2.c>
php_admin_flag engine on
# php_admin_flag safe_mode on
php_admin_flag safe_mode off
php_admin_value open_basedir "/var/www/vhosts/wiki.hindu.org/httpdocs:/tmp"
</IfModule>
<IfModule mod_php5.c>
php_admin_flag engine on
#php_admin_flag safe_mode on
php_admin_flag safe_mode off
php_admin_value open_basedir "/var/www/vhosts/wiki.hindu.org/httpdocs:/tmp"
</IfModule>
Options +Includes +ExecCGI
</Directory>
[snip]
%code%
restart httpd...
==========
You can see where they have commented
out the "safe_mode on" directives in two locations, and fixed it...
case closed... tedious, but useful education on PLESK set up...
now.. I wonder if we can now auto create an "uploads" folder for
groups where users want to attach a photo or screen shot, but no uploads
folder exists yet... of course the mandate that such folders should only be
created by admin is a security precaution, but in my context I would rather it
be allowed as only trusted users can get in in the first place. and it saves
me from complaints that "attach:" didn't work...
Sivakatirswami
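
An added example, not part of the original post and not PmWiki or Plesk code: a small Python audit of a per-domain include like the one quoted above. It lists the php_* directives set per <Directory> and flags where safe_mode is pinned on with php_admin_flag, which takes precedence over /etc/php.ini and cannot be changed from .htaccess. The sample config, the example.test paths and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the per-domain include quoted in the post;
# the example.test paths are placeholders, not values from the post.
SAMPLE = """\
<Directory /var/www/vhosts/example.test/httpdocs>
<IfModule mod_php5.c>
php_admin_flag engine on
# php_admin_flag safe_mode on
php_admin_flag safe_mode off
php_admin_value open_basedir "/var/www/vhosts/example.test/httpdocs:/tmp"
</IfModule>
</Directory>
<Directory /var/www/vhosts/example.test/httpsdocs>
<IfModule mod_php5.c>
php_admin_flag safe_mode on
</IfModule>
</Directory>
"""

PHP_LINE = re.compile(r"^(php_(?:admin_)?(?:flag|value))\s+(\S+)\s+(.+)$", re.I)
OPEN_TAG = re.compile(r"^<(\w+)\s*([^>]*)>$")
CLOSE_TAG = re.compile(r"^</\w+>$")

def php_overrides(conf_text):
    """Map each <Directory> path to {setting: (directive, value)}.

    Commented lines are skipped and a later line replaces an earlier one.
    <IfModule> conditions are not evaluated (hypothetical helper).
    """
    stack, found = [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE_TAG.match(line):
            if stack:
                stack.pop()
        elif (m := OPEN_TAG.match(line)):
            stack.append((m.group(1).lower(), m.group(2).strip().strip('"')))
        elif (m := PHP_LINE.match(line)):
            scope = next((a for t, a in reversed(stack) if t == "directory"), "(vhost-wide)")
            found.setdefault(scope, {})[m.group(2)] = (m.group(1).lower(), m.group(3).strip().strip('"'))
    return found

def safe_mode_forced_on(conf_text):
    """Directories where php_admin_flag pins safe_mode on, overriding php.ini."""
    return sorted(d for d, s in php_overrides(conf_text).items()
                  if s.get("safe_mode", ("", ""))[0] == "php_admin_flag"
                  and s["safe_mode"][1].lower() in ("on", "1", "true"))
```

The same report also shows whether open_basedir is still set for a directory once safe_mode is off, which is the remaining path restriction in the configuration quoted above.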