I just had an idea that might solve the safe mode problem.
The PHP "safe mode" problem is this:
- Moodle files are owned by the user
- Uploaded files are owned by the web server user
- Safe Mode denies all access to files from scripts that are owned by a different user than the file.
So I just had a flash: what if the file-reading script was automatically CREATED by Moodle during installation (from a template stored in the library) - then this script would be owned by the user, and it shouldn't have any problems reading the files.
The instructions for installing Moodle under safe mode could be:
- use FTP or shell to "chmod 777 files" where files is the script folder
- visit the admin page, which will autodetect safe mode and create the safe-mode script
- chmod the directory again to turn off write permissions again "chmod 755 files" (for security)
When upgrading, the admin script could delete the old script and create a new one there (assuming chmod had been done).
Anyone see any problems with that?
It seems so simple - I'm surprised no-one's come up with it before. If it works I think it will have a lot less to go wrong than the FTP workaround which was the best solution until now.
I like Martin's new idea - it looks much more elegant.
I don't know the structure of Moodle well - is re-writing the file reading going to be easier than re-writing the file writing? (I had to fiddle with one other routine which bypassed the main writing function.)
I cant offer much help coding, but I'll gladly test stuff if that will help.
Hi, I'm just about to do a new install of Moodle 1.09 on a server that has Safe Mode on.
From reading the threads this is a problem, however it seems that you've come up with 'an elegant solution' (nothing I like better!).
Not being overly familiar with PHP I need a very simple step-by-step explanation of what to do, as I didn't quite get your instructions above. Thanks for your help!
Unfortunately, this is not in 1.0.9, Jude.
But it might be in 1.1, depending on time/money.
But it might be in 1.1, depending on time/money.
function fixowner ($filename) {
if(fileowner($filename) !=
posix_getuid()) {
if(copy($filename,$filename . '.tmp')) {
unlink($filename);
rename($filename . '.tmp',$filename);
}
}
}
You could use this to change the owner of the script(s) that need to fiddle with the uploaded files to that of the web page once, then not worry about it again, couldn't you?
if(fileowner($filename) !=
posix_getuid()) {
if(copy($filename,$filename . '.tmp')) {
unlink($filename);
rename($filename . '.tmp',$filename);
}
}
}
You could use this to change the owner of the script(s) that need to fiddle with the uploaded files to that of the web page once, then not worry about it again, couldn't you?
Yep, that's pretty much it, though you do have to allow for possible upgrades to the file. Plus, we have do the chmod manually (can't leave it on, otherwise some hacker might write their own file.php!)
Have a look at how bugzilla does this. They have a little script that takes care of all file permissions at install time.
Also, would be good if you called those malicious interlopers crackers rather than hackers - which is what we nice guys are ;)
Also, would be good if you called those malicious interlopers crackers rather than hackers - which is what we nice guys are ;)
I assume this is the fix Martin's saying may be in 1.1. Where would this go and how would I implement it?
Hi folks - the saga continues.....
I've been having a little think about this and I'm afraid this idea of ownership changing on file writing scripts is not going to work.
The central problem is a PHP safe_mode flaw (?) whereby folders created by mkdir() are made UID *webserver* whereas all other file ops are UID *script user*.
To solve this we would have to change ownership of file writing scripts to UID *webserver* and I'm guessing that:
a) Sysops of safe mode systems won't want this
b) there is no way for users to do this on locked down systems such as run safe_mode
safe_mode doesn't allow chown()
The answer as I see it has to be:
1) mkdir() with the UID wrong owner and use another process (perl?) to chown()
2) mkdir() with another process (perl or FTP) so that folders are made UID *script user*
I don't know perl at all and I'm not sure we would want Moodle to require perl, just to fix this frustrating PHP bug (sorry - feature) - so I'm inclining back to the FTP solution - so how about I try making a cleaner version of the FTP mod for the 1.1 code??
I've been having a little think about this and I'm afraid this idea of ownership changing on file writing scripts is not going to work.
The central problem is a PHP safe_mode flaw (?) whereby folders created by mkdir() are made UID *webserver* whereas all other file ops are UID *script user*.
To solve this we would have to change ownership of file writing scripts to UID *webserver* and I'm guessing that:
a) Sysops of safe mode systems won't want this
b) there is no way for users to do this on locked down systems such as run safe_mode
safe_mode doesn't allow chown()
The answer as I see it has to be:
1) mkdir() with the UID wrong owner and use another process (perl?) to chown()
2) mkdir() with another process (perl or FTP) so that folders are made UID *script user*
I don't know perl at all and I'm not sure we would want Moodle to require perl, just to fix this frustrating PHP bug (sorry - feature) - so I'm inclining back to the FTP solution - so how about I try making a cleaner version of the FTP mod for the 1.1 code??
Hi, Dick.
The idea here is not to change the ownership of the file-writing script, but to get the webserver to CREATE the script (which means the ownership will be the 'webserver' user).
No chown required.
Time to write this little bugger is however, required.
Cheers,
Martin
The idea here is not to change the ownership of the file-writing script, but to get the webserver to CREATE the script (which means the ownership will be the 'webserver' user).
No chown required.
Time to write this little bugger is however, required.
Cheers,
Martin
"Time is an illusion - lunchtime doubly so" (HHGTG)
OK I'm beginning to get a clue what youre saying... 
Incidentally I've been doing a little poking about - the problem is only with *nix based Apache + PHP as an apache module in s**e m**e. Sadly a common configuration..
Zend reccommend a workaround whereby the server admin relaxes safe mode to exclude some folders or use GID not UID. I have a good relationship with my hosting co but they are ultra security conscious so don't want to turn the wick down on security.
Under what circumstances can Apache write a script then? - Does it write to disk? - How? - anyone got any clues?
Martin if you're happy to give the occasional feedback I'm happy to put a little time (but not lunctime) into this.
Well I've been having a good play with my moodle in safe mode.
With a few clues from other contribs I now have changed the ownership of these files to UID webserver:
- /moodle/user/lib.php (saves pics)
- /moodle/files/index.php (file manager)
- /moodle/lib/moodlelib.php most mkdir() calls
- /moodle/backup/lib.php Backup restorer
HOWEVER... if I try the file manager I get:
Warning: main() [function.main]: SAFE MODE Restriction in effect. The script whose uid is 18 is not allowed to access ../config.php owned by uid 732 in /usr/local/www/gospelcom/docs/rww/moodle/files/index.php on line 10
IE) it looks dodgy because all included files ALSO need to be the same UID or we can't include/require them because of S**E M***E.
effectively we'd have to chown() the whole installation!
Anyone got Ideas??
I'm not giving up on this!
Oh no! That's a major bummer.
I didn't think scripts wouldn't be able to include other scripts with a different UID ...
Safe as a straitjacket ...
Perhaps we better just light a fire under the "all files stored in database" solution ... would solve some cookie issues at the same time.
I didn't think scripts wouldn't be able to include other scripts with a different UID ...
Safe as a straitjacket ...
Perhaps we better just light a fire under the "all files stored in database" solution ... would solve some cookie issues at the same time.
I think the database solution is far less "flakey" - so I'd vote for it.
And whilst we are setting a match to the barbie (I assume this is the reference in your antipodean idiom) could we consider database sessions too - this would solve my next problem because I'm on a large multi-server host which doesn't work with cookies in /tmp as I understand it (because whilst my files are in a storage app the individual webserver boxes all have their own /tmp folder!) Hence session cookies appear to work 1 time in 6 (with 6 servers).
(Maybe that is another thread)
Now I'm going to have to learn ADOish.
And whilst we are setting a match to the barbie (I assume this is the reference in your antipodean idiom) could we consider database sessions too - this would solve my next problem because I'm on a large multi-server host which doesn't work with cookies in /tmp as I understand it (because whilst my files are in a storage app the individual webserver boxes all have their own /tmp folder!) Hence session cookies appear to work 1 time in 6 (with 6 servers).
(Maybe that is another thread)
Now I'm going to have to learn ADOish.
Sorry about the lack of smilies in the last 
Another idea occurs - if we want the whole installation to be uid(webserver) why not set up an auto install script that installs uid webserver?
- if we install like this:
1) user ftps mdl_install1.php to the base folder
2) then user uploads the .zip or .tar.gz by ftp to the same place
3) user executes mdl_install1.php
3) this makes the moodle folder,(UID webserver) as PHP mkdir() does that anyway
4) and makes an unzip script (mdl_install2.php) using fputs() (which will therefore be uid webserver)
5) then executes mdl_install2.php (by a header("Location: mdl_install2.php"); call)
6) which then does the unzip
- can safe mode do a header() call to redirect to another uid - must be able to
- would the unzipped files & folders be uid script or uid webserver? (both are webserver...)
Don't know what a smug smiley looks like - but this looks like it could fly
(but then it is the end of a long day)
Another idea occurs - if we want the whole installation to be uid(webserver) why not set up an auto install script that installs uid webserver?
- if we install like this:
1) user ftps mdl_install1.php to the base folder
2) then user uploads the .zip or .tar.gz by ftp to the same place
3) user executes mdl_install1.php
3) this makes the moodle folder,(UID webserver) as PHP mkdir() does that anyway
4) and makes an unzip script (mdl_install2.php) using fputs() (which will therefore be uid webserver)
5) then executes mdl_install2.php (by a header("Location: mdl_install2.php"); call)
6) which then does the unzip
- can safe mode do a header() call to redirect to another uid - must be able to
- would the unzipped files & folders be uid script or uid webserver? (both are webserver...)
Don't know what a smug smiley looks like - but this looks like it could fly
(but then it is the end of a long day)
Better than that, see this installer I was looking at:
http://moodle.org/bugs/bug.php?op=show&bugid=688
But I still like the idea of offering a "database-only" setting.
http://moodle.org/bugs/bug.php?op=show&bugid=688
But I still like the idea of offering a "database-only" setting.
Mustard Mitt I like the idea of all the content being in the database. It just seems tidier to me.
However I don't know what that would do to the performance of the system. "Faster CPU/RAM/disks/Everything please!"
Depends on what DBMS is in use I guess.
However I don't know what that would do to the performance of the system. "Faster CPU/RAM/disks/Everything please!"
Depends on what DBMS is in use I guess.
Yes I can see that database held material does have advantages.
I'd guess that user pictures would be fairly straightforward - but wouldn't we still have safe mode problems getting them on the machine for manipulation??
The installer looks interesting - but the documentation is - shall we say terse
(minimal)
I'm not at the PC today - but I'm certainly interested in persuing the installer route - it will have other benefits - could make the installation problems forum quieter!
I'd guess that user pictures would be fairly straightforward - but wouldn't we still have safe mode problems getting them on the machine for manipulation??
The installer looks interesting - but the documentation is - shall we say terse
I'm not at the PC today - but I'm certainly interested in persuing the installer route - it will have other benefits - could make the installation problems forum quieter!
The webhosting company I'm discussing a Moodle installation with offered me a possibility to run a cron script every minute that would make chown to all my folders and files making me the owner. Would this be a for-the-time-being solution to Safe Mode On?
I'd think it should work OK - there may be the odd glitch because of the 1 minute delay before files or folders become usable.
(Partic when making folders then putting files in them)
(Partic when making folders then putting files in them)
Hi, Dick,
I'm having the same problem with SAFE MODE restriction.
I've been very intereted in following the forum discussion between you & Martin about it. Could I ask you a few questions?
1.- Is the new Moodle version with the solution Martin was talking about alredy there?
2.- Is there any work around to upload the files (photos, files, etc.) manually? How can I do?
3.- Is there no chance to use Moodle fully then running on a public server by now?
Everything else is running so perfect, such a great program!, this problem is a pitty.
I send you the wrong message:
Warning: SAFE MODE Restriction in effect. The script whose uid is 518 is not allowed to access /home/virtual/site15/fst/var/www/html/moodle/moodleupload/1/ owned by uid 48 in /home/virtual/site15/fst/var/www/html/moodle/files/index.php on line 654 Warning: readdir(): supplied argument is not a valid Directory resource in /home/virtual/site15/fst/var/www/html/moodle/files/index.php on line 655 Warning: closedir(): supplied argument is not a valid Directory resource in /home/virtual/site15/fst/var/www/html/moodle/files/index.php on line 666 |
Thanks,
Ariel
Ariel
I'm afraid I dont have good answers for you yet!
>1.- Is the new Moodle version with the solution >Martin was talking about alredy there?
No sadly
>2.- Is there any work around to upload the files >(photos, files, etc.) manually? How can I do?
You might be allowed to use your FTP program in the following way:
1) Rename the folders and or files that have been made by moodle
2) Using the FTP program - make any new folders of the original name of any folders you just renamed
3) Using ftp put files manually in the folder
>3.- Is there no chance to use Moodle fully then >running on a public server by now?
You would need to talk with the administrator of the hosting company you are using about that.
>Everything else is running so perfect, such a >great program!, this problem is a pitty.
I agree and so do many - but Moodle is being developed by one guy who cannot do everything at once - and he has to eat! - plus of course a lot of volunteers, (most of whom have full time jobs). It just may be that we could speed up the process by finding some funding for Martin (we'd need to hear him on that).
I am keen to solve this but unless we can find funding it may be slow.
Regards
I'm afraid I dont have good answers for you yet!
>1.- Is the new Moodle version with the solution >Martin was talking about alredy there?
No sadly
>2.- Is there any work around to upload the files >(photos, files, etc.) manually? How can I do?
You might be allowed to use your FTP program in the following way:
1) Rename the folders and or files that have been made by moodle
2) Using the FTP program - make any new folders of the original name of any folders you just renamed
3) Using ftp put files manually in the folder
>3.- Is there no chance to use Moodle fully then >running on a public server by now?
You would need to talk with the administrator of the hosting company you are using about that.
>Everything else is running so perfect, such a >great program!, this problem is a pitty.
I agree and so do many - but Moodle is being developed by one guy who cannot do everything at once - and he has to eat! - plus of course a lot of volunteers, (most of whom have full time jobs). It just may be that we could speed up the process by finding some funding for Martin (we'd need to hear him on that).
I am keen to solve this but unless we can find funding it may be slow.
Regards
Thanks a lot, Dick
Ariel
Update: It works fine for the Files folder (with the one minute delay) but it does not work for backup/restore and other processes that create temporary folders and use them immediately for writing files into them.
Changed the webhosting company. Runs smoothly now.
Changed the webhosting company. Runs smoothly now.
Daniel,
I am facing same problems. You mean even public webhosting compnay who provides shared hosting does allow PHP running in non safe mode?
thanks
Yes, exactly.
Daniel
If it is not against the forum rules. May I know the hosting company name (s)?
thanks
I would prefer if you reach via my e-mail. Thank you.
DM
DM
Hi All,
I'm a new user to moodle but have been working with php for a while and my ISP gave me this workaround for safe mode. Hope it's not been posted before.
I have to differentiate between MODPHP and CGI-PHP here. My ISP, like most doesn't support safemode in MODPHP, for obvious reasons, but does with suexe wrapper in CGI mode. This is fine except that moodle is written for MODPHP and as such has no shebangs in the scripts (#!/bin/php first line).
So this works for me: get your ISP to put a copy of the php executable in your root cgi-bin directory and change it's owner and group to you. You will need their version to maintain site compatibility. Then in the moodle root directory add the following lines to your .htaccess file:
RemoveHandler .php
AddType application/cgi-php php
Action application/cgi-php /cgi-bin/php
Now this is working for me at the moment. I have not fully tested this implementation but have not found any significant problems yet.
However there were some teething problems - $_SERVER["PHP_SELF"] does not resolve correctly but sed fixed that to $_SERVER["PHP_URL"] which should resolve more reliably across different virtual server implementations. I think that this was related to my ISP's virtual server implementation
For reference I am running php version 4.3.1, with apache 1.3.27.
-pete
I'm a new user to moodle but have been working with php for a while and my ISP gave me this workaround for safe mode. Hope it's not been posted before.
I have to differentiate between MODPHP and CGI-PHP here. My ISP, like most doesn't support safemode in MODPHP
So this works for me: get your ISP to put a copy of the php executable in your root cgi-bin directory and change it's owner and group to you. You will need their version to maintain site compatibility. Then in the moodle root directory add the following lines to your .htaccess file:
RemoveHandler .php
AddType application/cgi-php php
Action application/cgi-php /cgi-bin/php
Now this is working for me at the moment
However there were some teething problems - $_SERVER["PHP_SELF"] does not resolve correctly but sed fixed that to $_SERVER["PHP_URL"] which should resolve more reliably across different virtual server implementations. I think that this was related to my ISP's virtual server implementation
For reference I am running php version 4.3.1, with apache 1.3.27.
-pete
I just installed moodle 1.5.2 on a shared server that does not support safe-mode off. I read a lot of posts mostly from 2003. Is there now a safe-mode work around? My provider is suggesting PHP power mode to run php through CGI. I am not a programer, but this sounds like trouble to me.
My advice, get a different host, for instance
www.opensourcehost.com
www.siteground.com
Seem to know what they are doing and don't cost much.
www.opensourcehost.com
www.siteground.com
Seem to know what they are doing and don't cost much.
I added safe-mode off as a requirement for Moodle in the installation docs since there does not seem to a viable work-around, at present, perhaps until there is an "all in the database" option in moodle.
How comes there still is an issue with php in safe mode? The problem has been with us for too long - at least since 2003. Most of the time running php safe mode off is not an option...
How about listing those workarounds, chown/chgrp/whatever, for those lucky ones who have root access? Safe mode is a pain, but our administrator wont turn it off for security reasons which means I have a crippled moodle installation in my hands.
How about listing those workarounds, chown/chgrp/whatever, for those lucky ones who have root access? Safe mode is a pain, but our administrator wont turn it off for security reasons which means I have a crippled moodle installation in my hands.
I agree with this. I just happily installed Moodle on my new host (Nearlyfreespeech.net) only to find that they don't turn safe mode off. Period.
I had a similar issue with Joomla but they supply a work-around. It's pretty disappointing.
Btw, what does safe mode on make impossible for me to do? So far I've noticed that I can't upload backups or other files. Is there another way to deal with this?
yours,
Erik
I had a similar issue with Joomla but they supply a work-around. It's pretty disappointing.
Btw, what does safe mode on make impossible for me to do? So far I've noticed that I can't upload backups or other files. Is there another way to deal with this?
yours,
Erik
Hi Mauno, thanks. That's kind of a depressing list. A lot of things I won't be able to do. I've contacted my host again and they insist that safe-mode-off is too risky. I'm hoping for some movement from the Moodle community.
Perhaps you need to vote with your feet (and cheque book), and move to another web host that does meet your needs. I don't know if that is realistic for you, but there are plenty of hosts out there that do offer sensible PHP hosting.
I'm hoping for some movement from the Moodle community.
I wouln't count on it. This issue has been known for years and nothing has changed in the meanwhile. It simply doesn't pay the effort needed to make it work in safe mode (and I'm assuming it can be done, which I'm not totally sure of).
Saludos. Iñaki.
Dear all
I have the same problem:
mkdir() [function.mkdir]: SAFE MODE Restriction in effect. The script whose uid/gid is 32044/32045 is not allowed to access /home/public_html/moodledata/37/moddata owned by uid/gid 99/99 in /home/ciccms/public_html/lib/setuplib.php on line 69
It seems that SAFE MODE must be off
Our provider could'nt do that.
Any other Ideas.
Thanks all.
Hi!I'm a new new newbie user (2 days and counting!!!!) and would also love to know if a "safe mode compliant" version is in the pipeline?
I already have my own webspace paid for and they won't turn off php safe mode (already asked them
) I know that of course I can run from my home computer, which I'll do for now while testing, but it'd be nice to know whether I'll need to change provider or if there is hope for the future.
In the meantime, I'd like to say, what a fantastic job the developers have done with this, I'm gobsmacked with the future possibilities of cool and clever online activities!
Keep up the good work!
I already have my own webspace paid for and they won't turn off php safe mode (already asked them
) I know that of course I can run from my home computer, which I'll do for now while testing, but it'd be nice to know whether I'll need to change provider or if there is hope for the future.In the meantime, I'd like to say, what a fantastic job the developers have done with this, I'm gobsmacked with the future possibilities of cool and clever online activities!
Keep up the good work!
There is a different "FTP workaround" without touching Moodle files that seems valid for all moodle versions (as far as the hosting provider gives you FTP access).
Take a look to this solution.
It worked for me.
Hi Martin,
Thats a very good solution given by you through FTP access.
I tried it the other way. I set the permissions of moodledata directory as 02777 and then proceeded moodle installation under
safe_mode = On
safe_mode_gid = On
Everything went fine during installation and it seemed that i have made to work it under safe mode. It was going fine for all the events but with problem in Backup.
Thats a very good solution given by you through FTP access.
I tried it the other way. I set the permissions of moodledata directory as 02777 and then proceeded moodle installation under
safe_mode = On
safe_mode_gid = On
Everything went fine during installation and it seemed that i have made to work it under safe mode. It was going fine for all the events but with problem in Backup.
| Name: | backup-scf101-20090724-1450.zip |
The backup did not complete successfully.
Any suggestions for this problem?
Any suggestions for this problem?