I would like talk about this question.. I have friends who never will give an account with the safe mode in off, sacrilege!!:D security gurus you know..:D

another guys well... no problem with the safe mode status.. And i.. I in an intermediate place.. but i think actually the apps are builing with safe mode on support..

Any help or comment about this??

and how can i put the safe mode in off for all the domains that will be created?

Thanks friends:D

sorry my english

http://www.directadmin.com/forum/showthread.php?s=&threadid=873

Further down that thread there is a soloution to turn it off, i advise you to keep it on unless required and would most certainly not want it off as default, however, thats me ;)

Chris

Hello,

We include DA with safe_mode off by default. We tried turning it on for one release, but that caused increadible chaos and support issues, that we couldn't keep up with, so we were forced to turn it off. There is nothing stopping you from turning it on by default, or even making it switchable from DA.

You can make it switchable on a per-domain basis by doing the following:

1)

cd /usr/local/directadmin/data/templates
cp virtual_host*.conf custom
cd custom

2) edit each virtual_host*.conf file, and setup the following:


|?SAFEMODE=1|
....
<VirtualHost ....... >
|CUSTOM|
....
<Directory |DOCROOT| .... >
....
php_admin_value safe_mode |SAFEMODE|
....
</Directory>
</VirtualHost>
Now, you can change the value of SAFEMODE at the top to 0 or 1 depending on what you want for the default.

3) When you want to alter from the default value which you've setup, then just go to:

Admin Panel -> Admin Settings -> Customize Httpd Configurations -> domain.com

and in the top text area, just enter:


|?SAFEMODE=0|
where the value you set is the opposite of the default. This will enter that string into the |CUSTOM| token, which will reset the value of SAFEMODE to the custom value you just set. If you don't add anything to the custom httpd.conf feature, then the default will be used.

John

Umm thanks for the replys jeje the poll is 50%-50% .. I have dudes, i dont have ssh accounts. but will be secure have safe mode off for all? i think this woulb be safe mode on by defaut.

Are directadmin working on that or will be the safe off by default always?

thanks again sorry my english

Hello,

We include it "off" by default, but you can just follow those steps to turn it on when needed. We did turn it on by default for one release, but we were swamped with support emails about scripts not working, so we had to turn it off again. We're leaving it up to the server admin to decide.

John

How about a dropdown or checkbox (like the one to completely enable/disable PHP)?

dropdown:

"[ No PHP Access ]"
"[ PHP: Safe-mode ]"
"[ PHP: Full ]"

or maybe simply two checkboxes:

"Normal PHP Access [ ]"
"Safe-mode PHP Access [ ]"


..or something? :)

That would be good.. Question is.. do we give Resellers the option or should it only be up to the Admin to disable it?

John

Originally posted by l0rdphi1
How about a dropdown or checkbox (like the one to completely enable/disable PHP)?

dropdown:

"[ No PHP Access ]"
"[ PHP: Safe-mode ]"
"[ PHP: Full ]"

or maybe simply two checkboxes:

"Normal PHP Access [ ]"
"Safe-mode PHP Access [ ]"


..or something? :)

Yes, will be a nice and very popular feature for the nexts releases.

Originally posted by DirectAdmin Support
That would be good.. Question is.. do we give Resellers the option or should it only be up to the Admin to disable it?

John I say admins only.. since it is the admins server, after all. Resellers get No PHP // Safe-mode PHP ? Hmm...

Oui, d'accor :)

Matt

agree, usefull feature

But it's interface implementation would be non standard.. meaning it would probably need it's own page in the Admin Panel since Resellers wouldn't be able to set it:

Admin Panel -> Safe Mode Settings (or something like that)

Enable Safe Mode on all new domains [ check ]

then it would have a huge list of domains where the admin could check off, or uncheck safemode.

John

mm.. maybe better in a menu like 'advance options' so the main screen remain clear of this type of aditional options tat you use once in a while..

Yes, I'd stick it somewhere else off the main screen.

John

That looks good. So only domains with PHP enabled will show up on this new page? Then from those domains you can tick the ones you want safemode to operate on.

Looks good, I suppose.

so the default safemode is set to off, but this is not recommenned for most hosts. let say i want to turn it on, will below happen with the new version 1.2.18?

"We include DA with safe_mode off by default. We tried turning it on for one release, but that caused increadible chaos and support issues, that we couldn't keep up with, so we were forced to turn it off."

Hello,

By giving you the option, you'll be able to turn it on and off as needed on a per-domain basis. Basically, it will still be off by default for DA installs, but you will have the option to turn it on by default for all new domains. The idea being, you can easily disable it for accounts that are having trouble with it being on, or else you can help them to get it to work. The reason we had to set it to off by default for installs was because there was no way to turn it off through the interface, so it was on for everyone without a way to disable it when needed, and by the jump in our support emails, it was definately needed :).

The new interface will give you the option to set it up however you wish. On/Off per domain, and default On/Off for new domains.

John

Hi,

How do I set safe mode 'on' as the default for domains?

Mucho thanks :)
Matt

Hello,

Once you upgrade to 1.21.3, you'll need to edit the directadmin.conf and set:

safemode=ON

and then restart DA. I failed to remember to implement that through the interface, but the functinality is there. ;)

For anyone who has no clue what I'm talking about, 1.21.3 has a safemode page that allows the admin to control the safemode settings for all domains on the server. (Admin Panel -> Admin Settings -> Php Safe Mode Configuration)

John

Thanks man :)

Matt

Hi John,

I don't think DA is enabling safe mode by default for domains added to an account using the domain adminstration section of a user's control panel. I've added the line to my directadmin.conf.

Thanks,
Matt :)

Originally posted by DirectAdmin Support
Once you upgrade to 1.21.3, you'll need to edit the directadmin.conf and set:

safemode=ON
John, when we set safemode = ON in php.ini UebiMiau fails.

Will we solve the problem by changing it in directadmin.conf instead of in php.ini?

While we prefer squirrelmail some of our old clients still use UebiMiau, and they need safemode turned off.

Can we resolve this by turning safemode on in directadmin.conf, and then off for the users who still use squirrelmail?

Or is there some other fix?

Thanks.

Jeff

Couldn't you configure safe-mode ON in PHP.INI and use httpd.conf along with a php_admin_flag to turn it OFF for the UebiMiau directory?

Hmm... What about adding a new <Directory> in the virtualhost for /var/html/www, eg:


.....
<VirtualHost |IP|:80>
.....
<Directory |DOCROOT|>
Options +Includes -Indexes
php_admin_flag engine |PHP|
php_admin_flag safe_mode |SAFE_MODE|
</Directory>
<Directory /var/www/html>
php_admin_flag engine ON
php_admin_flag safe_mode OFF
</Directory>
.....
</VirtualHost>

John

What I said :D

Will do.

Thanks.

Jeff

Hum, how can we disable safe_mode for SquirrelMail then?

Originally posted by UltimeWWW
Hum, how can we disable safe_mode for SquirrelMail then?

The above covers /var/www/html in general, all webmail scripts aswell as PMA are in there :)

Chris

Why not just have DA make all new accounts with SafeMode on then you wouldn't have to set it global effectively disabling the email programs?

Originally posted by DirectAdmin Support
Once you upgrade to 1.21.3, you'll need to edit the directadmin.conf and set:

safemode=ON

and then restart DA. I failed to remember to implement that through the interface, but the functinality is there. ;)
A have putted that line in both
/usr/local/directadmin/conf/directadmin.conf and /usr/local/directadmin/data/templates/directadmin.conf but it has no effect. New accounts still created with safemode=OFF
:(

Restarted DirectAdmin?

Chris

Also, if you are using custom virtual_host*.conf templates, you must make sure you update them to have the correct tokens.

Easy fix:
rm -f /usr/local/directadmin/data/templates/custom/virtual_host*.conf
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queueJohn