The PHP "safe mode" problem is this:
- Moodle files are owned by the user
- Uploaded files are owned by the web server user
- Safe Mode denies all access to files from scripts that are owned by a different user than the file.
So I just had a flash: what if the file-reading script was automatically CREATED by Moodle during installation (from a template stored in the library) - then this script would be owned by the user, and it shouldn't have any problems reading the files.
The instructions for installing Moodle under safe mode could be:
- use FTP or shell to "chmod 777 files" where files is the script folder
- visit the admin page, which will autodetect safe mode and create the safe-mode script
- chmod the directory again to turn off write permissions again "chmod 755 files" (for security)
When upgrading, the admin script could delete the old script and create a new one there (assuming chmod had been done).
Anyone see any problems with that?
It seems so simple - I'm surprised no-one's come up with it before. If it works I think it will have a lot less to go wrong than the FTP workaround which was the best solution until now.
I like Martin's new idea - it looks much more elegant.
I don't know the structure of Moodle well - is re-writing the file reading going to be easier than re-writing the file writing? (I had to fiddle with one other routine which bypassed the main writing function.)
I cant offer much help coding, but I'll gladly test stuff if that will help.
Hi, I'm just about to do a new install of Moodle 1.09 on a server that has Safe Mode on.
From reading the threads this is a problem, however it seems that you've come up with 'an elegant solution' (nothing I like better!).
Not being overly familiar with PHP I need a very simple step-by-step explanation of what to do, as I didn't quite get your instructions above. Thanks for your help!
But it might be in 1.1, depending on time/money.
if(fileowner($filename) !=
posix_getuid()) {
if(copy($filename,$filename . '.tmp')) {
unlink($filename);
rename($filename . '.tmp',$filename);
}
}
}
You could use this to change the owner of the script(s) that need to fiddle with the uploaded files to that of the web page once, then not worry about it again, couldn't you?
Also, would be good if you called those malicious interlopers crackers rather than hackers - which is what we nice guys are ;)
I assume this is the fix Martin's saying may be in 1.1. Where would this go and how would I implement it?
I've been having a little think about this and I'm afraid this idea of ownership changing on file writing scripts is not going to work.
The central problem is a PHP safe_mode flaw (?) whereby folders created by mkdir() are made UID *webserver* whereas all other file ops are UID *script user*.
To solve this we would have to change ownership of file writing scripts to UID *webserver* and I'm guessing that:
a) Sysops of safe mode systems won't want this
b) there is no way for users to do this on locked down systems such as run safe_mode
safe_mode doesn't allow chown()
The answer as I see it has to be:
1) mkdir() with the UID wrong owner and use another process (perl?) to chown()
2) mkdir() with another process (perl or FTP) so that folders are made UID *script user*
I don't know perl at all and I'm not sure we would want Moodle to require perl, just to fix this frustrating PHP bug (sorry - feature) - so I'm inclining back to the FTP solution - so how about I try making a cleaner version of the FTP mod for the 1.1 code??
The idea here is not to change the ownership of the file-writing script, but to get the webserver to CREATE the script (which means the ownership will be the 'webserver' user).
No chown required.
Time to write this little bugger is however, required.
Cheers,
Martin
"Time is an illusion - lunchtime doubly so" (HHGTG)
OK I'm beginning to get a clue what youre saying...
Incidentally I've been doing a little poking about - the problem is only with *nix based Apache + PHP as an apache module in s**e m**e. Sadly a common configuration..
Zend reccommend a workaround whereby the server admin relaxes safe mode to exclude some folders or use GID not UID. I have a good relationship with my hosting co but they are ultra security conscious so don't want to turn the wick down on security.
Under what circumstances can Apache write a script then? - Does it write to disk? - How? - anyone got any clues?
Martin if you're happy to give the occasional feedback I'm happy to put a little time (but not lunctime) into this.
With a few clues from other contribs I now have changed the ownership of these files to UID webserver:
- /moodle/user/lib.php (saves pics)
- /moodle/files/index.php (file manager)
- /moodle/lib/moodlelib.php most mkdir() calls
- /moodle/backup/lib.php Backup restorer
HOWEVER... if I try the file manager I get:
Warning: main() [function.main]: SAFE MODE Restriction in effect. The script whose uid is 18 is not allowed to access ../config.php owned by uid 732 in /usr/local/www/gospelcom/docs/rww/moodle/files/index.php on line 10
IE) it looks dodgy because all included files ALSO need to be the same UID or we can't include/require them because of S**E M***E.
effectively we'd have to chown() the whole installation!
Anyone got Ideas??
I'm not giving up on this!
I didn't think scripts wouldn't be able to include other scripts with a different UID ...
Safe as a straitjacket ...
Perhaps we better just light a fire under the "all files stored in database" solution ... would solve some cookie issues at the same time.
And whilst we are setting a match to the barbie (I assume this is the reference in your antipodean idiom) could we consider database sessions too - this would solve my next problem because I'm on a large multi-server host which doesn't work with cookies in /tmp as I understand it (because whilst my files are in a storage app the individual webserver boxes all have their own /tmp folder!) Hence session cookies appear to work 1 time in 6 (with 6 servers).
(Maybe that is another thread)
Now I'm going to have to learn ADOish.
Another idea occurs - if we want the whole installation to be uid(webserver) why not set up an auto install script that installs uid webserver?
- if we install like this:
1) user ftps mdl_install1.php to the base folder
2) then user uploads the .zip or .tar.gz by ftp to the same place
3) user executes mdl_install1.php
3) this makes the moodle folder,(UID webserver) as PHP mkdir() does that anyway
4) and makes an unzip script (mdl_install2.php) using fputs() (which will therefore be uid webserver)
5) then executes mdl_install2.php (by a header("Location: mdl_install2.php"); call)
6) which then does the unzip
- can safe mode do a header() call to redirect to another uid - must be able to
- would the unzipped files & folders be uid script or uid webserver? (both are webserver...)
Don't know what a smug smiley looks like - but this looks like it could fly
(but then it is the end of a long day)
http://moodle.org/bugs/bug.php?op=show&bugid=688
But I still like the idea of offering a "database-only" setting.
However I don't know what that would do to the performance of the system. "Faster CPU/RAM/disks/Everything please!"
Depends on what DBMS is in use I guess.
I'd guess that user pictures would be fairly straightforward - but wouldn't we still have safe mode problems getting them on the machine for manipulation??
The installer looks interesting - but the documentation is - shall we say terse (minimal)
I'm not at the PC today - but I'm certainly interested in persuing the installer route - it will have other benefits - could make the installation problems forum quieter!
(Partic when making folders then putting files in them)
Hi, Dick,
I'm having the same problem with SAFE MODE restriction.
I've been very intereted in following the forum discussion between you & Martin about it. Could I ask you a few questions?
1.- Is the new Moodle version with the solution Martin was talking about alredy there?
2.- Is there any work around to upload the files (photos, files, etc.) manually? How can I do?
3.- Is there no chance to use Moodle fully then running on a public server by now?
Everything else is running so perfect, such a great program!, this problem is a pitty.
I send you the wrong message:
Warning: SAFE MODE Restriction in effect. The script whose uid is 518 is not allowed to access /home/virtual/site15/fst/var/www/html/moodle/moodleupload/1/ owned by uid 48 in /home/virtual/site15/fst/var/www/html/moodle/files/index.php on line 654 Warning: readdir(): supplied argument is not a valid Directory resource in /home/virtual/site15/fst/var/www/html/moodle/files/index.php on line 655 Warning: closedir(): supplied argument is not a valid Directory resource in /home/virtual/site15/fst/var/www/html/moodle/files/index.php on line 666 |
Thanks,
Ariel
I'm afraid I dont have good answers for you yet!
>1.- Is the new Moodle version with the solution >Martin was talking about alredy there?
No sadly
>2.- Is there any work around to upload the files >(photos, files, etc.) manually? How can I do?
You might be allowed to use your FTP program in the following way:
1) Rename the folders and or files that have been made by moodle
2) Using the FTP program - make any new folders of the original name of any folders you just renamed
3) Using ftp put files manually in the folder
>3.- Is there no chance to use Moodle fully then >running on a public server by now?
You would need to talk with the administrator of the hosting company you are using about that.
>Everything else is running so perfect, such a >great program!, this problem is a pitty.
I agree and so do many - but Moodle is being developed by one guy who cannot do everything at once - and he has to eat! - plus of course a lot of volunteers, (most of whom have full time jobs). It just may be that we could speed up the process by finding some funding for Martin (we'd need to hear him on that).
I am keen to solve this but unless we can find funding it may be slow.
Regards
Thanks a lot, Dick
Ariel
Changed the webhosting company. Runs smoothly now.
Daniel,
I am facing same problems. You mean even public webhosting compnay who provides shared hosting does allow PHP running in non safe mode?
thanks
Daniel
If it is not against the forum rules. May I know the hosting company name (s)?
thanks
DM
I'm a new user to moodle but have been working with php for a while and my ISP gave me this workaround for safe mode. Hope it's not been posted before.
I have to differentiate between MODPHP and CGI-PHP here. My ISP, like most doesn't support safemode in MODPHP , for obvious reasons, but does with suexe wrapper in CGI mode. This is fine except that moodle is written for MODPHP and as such has no shebangs in the scripts (#!/bin/php first line).
So this works for me: get your ISP to put a copy of the php executable in your root cgi-bin directory and change it's owner and group to you. You will need their version to maintain site compatibility. Then in the moodle root directory add the following lines to your .htaccess file:
RemoveHandler .php
AddType application/cgi-php php
Action application/cgi-php /cgi-bin/php
Now this is working for me at the moment . I have not fully tested this implementation but have not found any significant problems yet.
However there were some teething problems - $_SERVER["PHP_SELF"] does not resolve correctly but sed fixed that to $_SERVER["PHP_URL"] which should resolve more reliably across different virtual server implementations. I think that this was related to my ISP's virtual server implementation
For reference I am running php version 4.3.1, with apache 1.3.27.
-pete
www.opensourcehost.com
www.siteground.com
Seem to know what they are doing and don't cost much.
How about listing those workarounds, chown/chgrp/whatever, for those lucky ones who have root access? Safe mode is a pain, but our administrator wont turn it off for security reasons which means I have a crippled moodle installation in my hands.
I had a similar issue with Joomla but they supply a work-around. It's pretty disappointing.
Btw, what does safe mode on make impossible for me to do? So far I've noticed that I can't upload backups or other files. Is there another way to deal with this?
yours,
Erik
I'm hoping for some movement from the Moodle community.
I wouln't count on it. This issue has been known for years and nothing has changed in the meanwhile. It simply doesn't pay the effort needed to make it work in safe mode (and I'm assuming it can be done, which I'm not totally sure of).
Saludos. Iñaki.
Dear all
I have the same problem:
mkdir() [function.mkdir]: SAFE MODE Restriction in effect. The script whose uid/gid is 32044/32045 is not allowed to access /home/public_html/moodledata/37/moddata owned by uid/gid 99/99 in /home/ciccms/public_html/lib/setuplib.php on line 69
It seems that SAFE MODE must be off
Our provider could'nt do that.
Any other Ideas.
Thanks all.
I already have my own webspace paid for and they won't turn off php safe mode (already asked them ) I know that of course I can run from my home computer, which I'll do for now while testing, but it'd be nice to know whether I'll need to change provider or if there is hope for the future.
In the meantime, I'd like to say, what a fantastic job the developers have done with this, I'm gobsmacked with the future possibilities of cool and clever online activities!
Keep up the good work!
There is a different "FTP workaround" without touching Moodle files that seems valid for all moodle versions (as far as the hosting provider gives you FTP access).
Take a look to this solution.
It worked for me.
Thats a very good solution given by you through FTP access.
I tried it the other way. I set the permissions of moodledata directory as 02777 and then proceeded moodle installation under
safe_mode = On
safe_mode_gid = On
Everything went fine during installation and it seemed that i have made to work it under safe mode. It was going fine for all the events but with problem in Backup.
Name: | backup-scf101-20090724-1450.zip |
Any suggestions for this problem?