PHP Safemode?

richiem74

Joined: 2002-11-11
Posts: 3

Posted: Mon, 2002-11-11 21:23

Since G2 is database driven does it still require PHP not to be in safemode? The demos that I've seen of this package look nice, but my web host currently uses PHP safemode, so I am unable to run gallery.

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Wed, 2002-11-13 22:11

Database vs. Flat Files doesn't affect the safe mode restriction.

The problem with safe mode is that interferes with running sub-jobs (like NetPBM). And it is a sliding scale so it can be configured such that it interferes with other useful things (like creating sub directories). At this point we make no guarantees that G2 will work with Safe Mode on.
As Rasmus says about safe mode: "the biggest problem with safe mode is that people use it"

richiem74

Joined: 2002-11-11
Posts: 3

Posted: Thu, 2002-11-14 04:39

Thanks a bunch for your response. I had forgotten about stuff like NetPBM. I've actually talked to my web host in the mean time regarding the merits of safe mode and he agreed to turn it off, so my gallery is back up again. Keep up the good work.

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Thu, 2002-11-14 06:32

G2 supports alternate graphics toolkits, so we'll be able to use GD (or GD2) instead of NetPBM. That'll alleviate some of the problems, but if safe mode is configured to prevent users from creating subdirectories then we're still toast. Time will tell.

cbradney

Joined: 2002-09-24
Posts: 13

Posted: Thu, 2002-11-14 10:11

One of the issues I have with the current gallery is the permissions required/placed on the subdirectories of the albums. They end up being owned by www so even I cant change/move/delete them when logged in under telnet on my site. Is there configuration that I've missed, or is this an issue with 1.3.1 on Unix? Will the new database structure remove this issue? tnx

beckett

Joined: 2002-08-16
Posts: 3474

Posted: Thu, 2002-11-14 10:52

Short answer:
This won't change with Gallery 2.

Long answer: :smile:
Every file Apache/PHP creates is created by the user that Apache runs as. This is usually set to "nobody" or "www" or something other than a real computer user, completely for security purposes. If Apache were run as a real user (say, you), there would be the potential for security leaks or hacking into other items owned by that user via Apache (i.e. Apache would then have access to things like your home directory, personal files, group priveliges, etc.). In Gallery 2, the database files will be created and edited by Apache, so this won't go away.

You can use Bharat's <A HREF="http://gallery.sourceforge.net/docs.php?artid=22" TARGET="_blank">Cleanup Script</A> to change permissions allowing you to erase the files in the albums directory. You can also write your own PHP code to manipulate the files as you please or run a shell script, but run as the Apache user (which demonstrates elegantly why this security measure is there in the first place!).

-Beckett (beck@beckettmw.com)

richiem74 Joined: 2002-11-11 Posts: 3	Posted: Mon, 2002-11-11 21:23
	Since G2 is database driven does it still require PHP not to be in safemode? The demos that I've seen of this package look nice, but my web host currently uses PHP safemode, so I am unable to run gallery.
	XUser login Username: * Password: * Create new account Request new password
bharat Joined: 2002-05-21 Posts: 7994	Posted: Wed, 2002-11-13 22:11
	Database vs. Flat Files doesn't affect the safe mode restriction. The problem with safe mode is that interferes with running sub-jobs (like NetPBM). And it is a sliding scale so it can be configured such that it interferes with other useful things (like creating sub directories). At this point we make no guarantees that G2 will work with Safe Mode on. As Rasmus says about safe mode: "the biggest problem with safe mode is that people use it"

richiem74 Joined: 2002-11-11 Posts: 3	Posted: Thu, 2002-11-14 04:39
	Thanks a bunch for your response. I had forgotten about stuff like NetPBM. I've actually talked to my web host in the mean time regarding the merits of safe mode and he agreed to turn it off, so my gallery is back up again. Keep up the good work.

bharat Joined: 2002-05-21 Posts: 7994	Posted: Thu, 2002-11-14 06:32
	G2 supports alternate graphics toolkits, so we'll be able to use GD (or GD2) instead of NetPBM. That'll alleviate some of the problems, but if safe mode is configured to prevent users from creating subdirectories then we're still toast. Time will tell.

cbradney Joined: 2002-09-24 Posts: 13	Posted: Thu, 2002-11-14 10:11
	One of the issues I have with the current gallery is the permissions required/placed on the subdirectories of the albums. They end up being owned by www so even I cant change/move/delete them when logged in under telnet on my site. Is there configuration that I've missed, or is this an issue with 1.3.1 on Unix? Will the new database structure remove this issue? tnx

beckett Joined: 2002-08-16 Posts: 3474	Posted: Thu, 2002-11-14 10:52
	Short answer: This won't change with Gallery 2. Long answer: :smile: Every file Apache/PHP creates is created by the user that Apache runs as. This is usually set to "nobody" or "www" or something other than a real computer user, completely for security purposes. If Apache were run as a real user (say, you), there would be the potential for security leaks or hacking into other items owned by that user via Apache (i.e. Apache would then have access to things like your home directory, personal files, group priveliges, etc.). In Gallery 2, the database files will be created and edited by Apache, so this won't go away. You can use Bharat's <!-- BBCode Start --><A HREF="http://gallery.sourceforge.net/docs.php?artid=22" TARGET="_blank">Cleanup Script</A><!-- BBCode End --> to change permissions allowing you to erase the files in the albums directory. You can also write your own PHP code to manipulate the files as you please or run a shell script, but run as the Apache user (which demonstrates elegantly why this security measure is there in the first place!). -Beckett (beck@beckettmw.com)

XUser login