ID: 16042 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Feedback +Status: Bogus Bug Type: *Directory/Filesystem functions Operating System: Linux PHP Version: 4.1.2 Assigned To: jflemer New Comment:
The second mkdir() will fail with a safe_mode restriction as it should. This is not a bug. Files or directories created by PHP when PHP is running as an Apache module will be owned by the Apache user id. There is simply no way around that given the current state of Apache. And the safe-mode restriction correctly restricts you from creating a directory inside a directory not owned by the same uid as the script. The fact that it worked before was a security problem which was fixed. If you want to be able to do something like this, you should consider using the open_basedir restriction mechanism where all these checks are done based on the base directory and anything the user does within/beneath that base directory is ok. Please read http://www.php.net/manual/en/features.safe-mode.php and http://www.php.net/manual/en/configuration.php#ini.open-basedir Previous Comments: ------------------------------------------------------------------------ [2002-03-13 10:05:44] [EMAIL PROTECTED] Is it creating the first directory "testfolder", or does it fail on the first mkdir()? ------------------------------------------------------------------------ [2002-03-13 10:02:07] [EMAIL PROTECTED] Which working version were you using prior ? ------------------------------------------------------------------------ [2002-03-13 09:57:46] [EMAIL PROTECTED] This is NOT a support question! We have lost 37 websites in the last few days due to a BUG in the security update. Come on people! I provided a sample script not because I need help, but because I thought you did. We are hacking into the php core now to get it running again as we are a hosting service and ALL AND EVERY WEBSITE USING PHP's mkdir function do not work because of a problem (READ BUG) with the uid setup. ------------------------------------------------------------------------ [2002-03-13 09:49:59] [EMAIL PROTECTED] The bug system is not the appropriate forum for asking support questions. For a list of a range of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php ------------------------------------------------------------------------ [2002-03-13 09:26:53] [EMAIL PROTECTED] ENV: Linux 2.2.19/apache 1.3.23/ Safe mode on, latest security update The following simple scripts no longer work: <? mkdir('/var/www/web/test/testfolder' , 0777); mkdir('/var/www/web/test/testfolder/another', 0777); ?> It generates: SAFE MODE Restriction in effect. The script whose uid is 48561 is not allowed to access /var/www/web/test/testfolder owned by uid 98 in .. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=16042&edit=1
