I recently moved some of the web applications that I’ve written over to a new dedicated server with UKFast. The new server I had with my previous terrible web host, was setup in a much less secure way (PHP Safe Mode”>safe_mode off for example) than the new one so I was finding that several scripts weren’t working.
One of the major annoyances was php file uploads used to put property pictures onto the site. With error reporting switched to maximum and Display Errors switched on in my php.ini file I was able to see the full list of errors. One of the major complaints stated something along the lines of…
PHP Warning:Â Unknown(): SAFE MODE Restriction in effect.Â The script whose uid is 1 is not allowed to access /path/to/script.php owned by uid 26658 in Unknown on line 0;
Many of the directories and image files were created by the old site and so file ownership was a major problem. Technical support suggested turning off safe mode as a short term fix and then working around it in the longer term. I wasn’t quite happy with this solution so spent some time thinking through the problem.
I knew that you could change the ownership of a file by logging in as root via SSH and running the following commands…
I started by setting the file and group ownership of the files on my site to 26658 (if we’re using the above example!). This seemed to sort the problem until that is I tried to FTP files to and from the site, resulting in a permission denied and/or file not found errors.
So after playing around with several uid’s I had a cup of tea and thought through the problems. For me to upload files via FTP then the owner of the file is going to have to match the FTP username. So I set the owner of the file as the username I used to log in via FTP. Secondly, the webserver is going to want to access the files so I set the group ownership as ‘apache‘.
This didn’t quite work, but setting the /tmp directory ownership to nobody (chown nobody /tmp) seems to have fixed the problems :)
Liked this post? Follow this blog to get more.
Leave a Reply
You must be logged in to post a comment.