[pmwiki-users] Safe Mode Solution (Revisited)

Patrick R. Michaud pmichaud at pobox.com
Sat Feb 12 10:30:24 CST 2005


On Fri, Feb 11, 2005 at 10:00:09PM -0700, H. Fox wrote:
> 
> Recently Patrick R. Michaud <pmichaud at pobox.com> wrote:
> >The *only* way for things to work in safe_mode is to manually create 
> >the needed directories and set their permissions to 777, as outlined 
> >at the beginning of this section.
> 
> Actually there's another, IMHO "more secure", way for things to work in 
> safe_mode.
> Briefly, the safe_mode problem is caused by a "UID compare check", which 
> can be relaxed to a "GID compare check" by setting
>  safe_mode_gid = On
> in the PHP configuration file (php.ini) and restarting the web server.

I totally agree -- however, I'd say that the majority of wiki
administrators don't have the ability/permissions to change any of the
settings in php.ini, which is why I haven't highlighted this
particular approach.   But it is useful to include in the documentation
somewhere -- I'll fold it into the description I wrote a couple of days
ago.

> In my testing (on Mandrake and Debian), turning on safe_mode_gid has 
> completely solved the server-can't-read-files-it-created problem, which 
> means no world-writable directories or wiki pages are necessary.
> I posted a note about this to the list and added to a page on pmwiki.org 
> last April.  The page seems to have disappeared along with the v1 wiki.

Actually, PmWiki 1 had several problems with getting file permissions 
set correctly, while PmWiki 2 is much more robust in this respect, and
even handles those situations where files have been copied from
another server (and have the wrong permissions).

Pm



More information about the pmwiki-users mailing list