Hello,

I have my php.ini safe_mode off for security. But, I'd like to be able toset a safe_mode on/off for individual domain. I've tried .htaccess using php_value safe_mode off but it does not work.

Anyone has any idea on how to do it?

Thank you,

Reyner

Originally posted by Globalcon.net
I have my php.ini safe_mode off for security. But, I'd like to be able toset a safe_mode on/off for individual domain. I've tried .htaccess using php_value safe_mode off but it does not work.


If something already is 'OFF' the .htaccess file with 'OFF' won't do anything special.
You can check what is set off and on with this php file:

<? phpinfo(); ?>

The .htaccess is working here as it should.

so try: php_value safe_mode on and upload this file to the public_html of the domain.

Guust,

Thank you for the reply. I have tried both ways:
- setting the php.ini with safe_mode on and safe_mode off
- tried with simple script like:

<?
// This should work if safe_mode is off
system ("ls -l");
?>

It still does not work. I've tried doing it both using .htaccess and changing the httpd custom from the control panel and it is not working either and I have tried php_value, php_admin_value, php_flag, php_admin_flag (php_admin_value/php_admin_flag from httpd custom). I also have double checked that the overwrite is turned on so either custom httpd or .htaccess should work, but it doesn't. It may work for registering globals, but not when it comes to safe_mode.

Any ideas?

I tryed it on my own server and it just worked, so I think you're making a mistake with the htacces.

My htaccess what worked:

php_value register_globals 1
php_value safe_mode on

Maybe the script also needs register_globals...hehe I really don't know. Sorry

Hi Guust,

Thanks for the tip. I added register_globals (and even do service httpd restart) and it still not working.

My configuration is this:

/usr/local/lib/php.ini:


safe_mode = On


/home/usr/domain/mydomain.com/public_html/.htaccess:


php_value register_globals 1
php_value safe_mode off

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

.htaccess is set to user:user and chmod to 755.

/home/usr/domain/mydomain.com/public_html/test.php:


<?
system ("ls -l");
?>


Still not showing anything. It should show the directory content in the browser.

and try this one:

php_value register_globals 1
php_value safe_mode 0

0 for 'off' and 1 for 'on'.

Still not working :(

After playing a while with the system, the best way to turn safe mode on/off is from the httpd.conf of each domain (/usr/local/directadmin/data/users/<user>/httpd.conf) by adding
php_admin_value safe_mode On between <Directory ...> ... </Directory> tag and do
service httpd restart

That being said, the easiest way to set the safe_mode On by default is at /usr/local/directadmin/data/templates/virtual_host*.conf so everytime I create a new domain, the safe_mode will automatically be set to the appropriate value.

I've also learned that safe_mode must be Off in /usr/local/lib/php.ini in order for the webmail to work.

Hope this helps someone who's having problem like mine.

Thanks for the reply earlier Guust!

Originally posted by Globalcon.net

Thanks for the reply earlier Guust!

Nice to hear you have found a solution. No problem!

v1.2.1, i added that line to a domain.conf, but it not work, safemode still on... anyone know other way?

It might have something to do with http://www.directadmin.com/features.php?id=206

If you enable frontpage that might cause problems. Guust doesn't have frontpage enabled and it works. My bet is that the problem lies in having frontpage enabled...

i talked with support. For now DA dont support set safemode off per domain

Hello ,

I had the same problem and found a way to arounf it ,
I just tested it and its all ok ,

1 - /usr/local/directadmin/data/users/<user>/httpd.conf
2 - omit the 2 lines :

php_flag engine on
php_admin_value safe_mode 1

3 - save the changes
4 - restart apache

And wait aboat a minuts for httpd to update .


Thats it .

I don't have these settings in my users httpd.conf

When this update that globally turned this on was implemented, it broke a LOT of scripts - Menalto's Gallery, Invision Boards, etc.

I'm hoping John has a quick fix for this... or some way to enable/disable from the control panel (ideal scenario). Having my techs manually edit from root access is NOT an option.

John? Anyone?





Originally posted by pilpelet
Hello ,

I had the same problem and found a way to arounf it ,
I just tested it and its all ok ,

1 - /usr/local/directadmin/data/users/<user>/httpd.conf
2 - omit the 2 lines :

php_flag engine on
php_admin_value safe_mode 1

3 - save the changes
4 - restart apache

And wait aboat a minuts for httpd to update .


Thats it .

Hello,

If you can't have safemode, just use the custom template feature:



cd /usr/local/directadmin/data/templates
cp virtual_host*.conf custom
cd custom
<edit the templates as needed, take out safe_mode if required>
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queueThis will turn off safemode accross the board.

John

Here's a question, why do only "some" domains have safemode on?

I searched and of my 3 servers, about 25-35 domains on each server have safemode n their httpd.conf but the other 100 or so per server do not have the safe mode line in httpd.conf.

Why is this?

The template is only used for new domains or when a change is made on an old one. If the user doesn't change anything, the new template won't be used.

echo "action=rewrite&value=httpd" >> ... will force a rewrite of *all* httpd.conf file, so they'll all use the new one.

John

Originally posted by DirectAdmin Support
The template is only used for new domains or when a change is made on an old one. If the user doesn't change anything, the new template won't be used.

echo "action=rewrite&value=httpd" >> ... will force a rewrite of *all* httpd.conf file, so they'll all use the new one.

John

I figured this was the case. Just wanted to confirm.

About .htaccess and safe-mode (yes. I know this problem is solved already, but I want to explain/show why that didn't work and this includes some other directives also). Reason why you can't turn safe-mode off/on from .htaccess is that it's HUGE security risk. Safe-mode is used to make PHP safe (if off, PHP has same access as Apache if used as module), so it isn't meant that end-users could change that (ex. Apache running as root. Safe-mode on. PHP used as module. User changes safe-mode off from .htaccess. User have now full access to everything).

If you want to know which directives are changeable from .htaccess/runtime/httpd.conf, check http://www.php.net/manual/en/configuration.changes.php and http://www.php.net/manual/en/configuration.changes.php.

-Eljas

Originally posted by DirectAdmin Support
Hello,

If you can't have safemode, just use the custom template feature:



cd /usr/local/directadmin/data/templates
cp virtual_host*.conf custom
cd custom
<edit the templates as needed, take out safe_mode if required>
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queueThis will turn off safemode accross the board.

John

This not works to me. plz can you explain more that.

Thanks

http://www.directadmin.com/forum/showthread.php?s=&threadid=1979&highlight=SAFEMODE

John