Possible to run eZ with PHP safe_mode = On?

Author Message

Felipe Jaramillo

Friday 08 December 2006 7:15:15 am

Hi,

I have a client who absolutely requires eZ to run on their servers, with some particular security policies.

Safe Mode = On
Safe Mode GID = On

PHP 4.3.x , Apache 2.0 on Solaris.

We would be using 3.6 becuase of the old PHP.

I've read there was a hack for this in the Contrib, but it seems to be outdated:
http://ez.no/community/contribs/hacks/living_with_safemode_and_gd

What are my options?

Thanks,

Felipe

Felipe Jaramillo
eZ Certified Extension Developer
http://www.aplyca.com | Bogotá, Colombia

Claudia Kosny

Friday 08 December 2006 1:02:18 pm

Hi Felipe

This depends on what the exact safe mode settings are on your server:
Have a look at the different safemode PHP settings:
http://lu.php.net/features.safe-mode

Some examples:
safe_mode_exec_dir can prohibit access to the imagemagick executable.
open_basedir can prohibit PHP to open a file in the tmp folder
disable_functions and disable_classes can disable core PHP functions and classes that EZ needs to work

All these settings can be set by your provider to his liking so it is impossible to say whether EZ will work or not. I would say that you can expect to have no access to imagemagick, which means you need gd. Access to all directories within the ezpublish tree should not be a problem. Access to a tmp directory might be a problem, but any halfway decent webhoster will give you such access as otherwise you cannot upload any files using a form.

I am not sure about the effects of the Safe Mode GID setting. There might be problems if you upload files using ftp (e.g the initial upload) making the ftpuser the owner, whereupon PHP can not open the files, but this depends again on the exact setup of your server.

Good luck

Claudia

Felipe Jaramillo

Wednesday 20 December 2006 2:59:02 pm

@Claudia,

Thank you for your answer.

Just to let you know, I have done some tests with your suggestion and managed to succesfully get eZ to work with safe_mode on an enviroment very close to the one I mentioned except on Linux instead of Solaris.

I will keep on trying to find areas of the system that cease to work with these restrictions.

If anyone is aware of any other pitfalls that may be caused by using safe_mode, I'd appreciate to let me know.

Regards,

Felipe

Felipe Jaramillo
eZ Certified Extension Developer
http://www.aplyca.com | Bogotá, Colombia

kracker (the)

Wednesday 20 December 2006 9:16:34 pm

I would be interested in helping collect any documentation of information on this subject.

- Steps to install eZ publish with PHP safe mode enabled
- Known issues, warnings and considerations
- Solutions and hacks per issue or consideration

//kracker

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.