ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net -Status: Bogus +Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5CVS-2005-03-14 New Comment:
Yes. I read docs, although I sometimes misunderstand them: Note in my previous post: safe_mode_include_dir = /usr/share/pear Also note that per the documentation (http://www.php.net/manual/en/features.safe-mode.php): "safe_mode_include_dir string UID/GID checks are bypassed when including files from this directory and its subdirectories (directory must also be in include_path or full path must including)." Certainly $myfilename = '/usr/share/pear/commonfile.php'; is in safe_mode_include dir. Thus, the error message is incorrect and *is* a PHP bug. Previous Comments: ------------------------------------------------------------------------ [2005-08-11 11:10:57] [EMAIL PROTECTED] Did you read something about safe_mode before turning it On? "By default, Safe Mode does a UID compare check when opening files. If you want to relax this to a GID compare, then turn on safe_mode_gid. Whether to use UID (FALSE) or GID (TRUE) checking upon file access." (c) http://www.php.net/manual/en/features.safe-mode.php So, it's perfectly fine to have these errors and to have FALSE in is_readable() because you turned safe_mode yourself. This is expected behaviour. ------------------------------------------------------------------------ [2005-08-11 01:59:45] kibab at icehouse dot net Ok. It says (see http://www.ewu.edu/web/tools/bug31618_3.php): Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid/gid is 687/694 is not allowed to access /usr/share/pear/commonfile.php owned by uid/gid 0/0 in /var/www/sites/web/tools/bug31618_3.php on line 3 Warning: fopen(/usr/share/pear/commonfile.php) [function.fopen]: failed to open stream: Resource temporarily unavailable in /var/www/sites/web/tools/bug31618_3.php on line 3 ------------------------------------------------------------------------ [2005-08-10 20:44:05] [EMAIL PROTECTED] Of course, I meant this: <?php $myfilename = '/usr/share/pear/commonfile.php'; fopen($myfilename, 'r'); ?> ------------------------------------------------------------------------ [2005-08-10 20:36:39] [EMAIL PROTECTED] Could you plz also try this: <?php fopen($myfilename, 'r'); ?> And post the error message here. Thanks. ------------------------------------------------------------------------ [2005-08-10 20:24:48] kibab at icehouse dot net Ok, here's a new "complete" example for you. First, we need to do some setup as this is based on permissions, ownership, and safe mode: cd <some directory in safe_mode_include_dir> # note, I used cd /usr/share/pear echo "TESTING" > commonfile.php chmod a+r commonfile.php Then: $ ls -l commonfile* -rw-rw-r-- 1 root root 8 Aug 10 10:54 commonfile.php And, permissions on the source PHP file in use: $ ls -l bug31618.php -rw-rw-r-- 1 kpederson financialaid 576 Aug 10 10:50 bug31618.php I used the following relevant settings: $ grep -iE "safe|include" /etc/php.ini | grep -v "^;" safe_mode = On safe_mode_gid = On safe_mode_include_dir = /usr/share/pear safe_mode_exec_dir = "/usr/local/php_exe/bin" safe_mode_allowed_env_vars = PHP_ safe_mode_protected_env_vars = LD_LIBRARY_PATH include_path = ".:/usr/share/pear/:/usr/share/pear/ewu_lib:/var/lib/php_secure" sql.safe_mode = Off Now, grab my PHP script from the following URL: http://www.ewu.edu/web/tools/bug31618.php.txt It's output looks like the following (as can be seen from http://www.ewu.edu/web/tools/bug31618.php): is_readable: /usr/share/pear/commonfile.php (false) TESTING Now, if I change the ownership to root:root (as I did for bug31618_2.php, eg. as seen by http://www.ewu.edu/web/tools/bug31618_2.php): is_readable: /usr/share/pear/commonfile.php (true) TESTING Thus, the results are based on ownership of the calling php script, not the file attempting to be read, despite being in safe_mode_include_dir. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/31618 -- Edit this bug report at http://bugs.php.net/?id=31618&edit=1