Safe mode restriction when uploading

[rondog]

I'm installing an app on a clients server and when I try and upload through the form, I get this error:

 

<b>Warning</b>:  move_uploaded_file() [<a href='0function.move-uploaded-file0'>function.move-uploaded-file0</a>]: SAFE MODE Restriction in effect.  The script whose uid is 10053 is not allowed to access /var/www/vhosts/xxxxxxx.ca/httpdocs/clients/project_data/test owned by uid 48 in <b>/var/www/vhosts/xxxxxxx.ca/httpdocs/clients/upload.php</b> on line <b>50</b><br />

 

I've installed this same app on other servers and haven't ran into this problem before. The client is on a shared host so I do not have php.ini access. Any ideas? thanks

[requinix]

The owner of the script is not the same as the owner of that directory. Typically, one of those users is you (who uploaded something) and the other is PHP (who created something).

 

One owner needs to own both. If you uploaded the script, delete the current test/ and create it again.

[rondog]

So a PHP script is creating the folder through a form and is setting the owner/group to "apache/apache" whereas the script is "mc1967/psacIn"

 

Can I do anything in the PHP to set its owner/group?

[requinix]

Nope.

 

You could make the PHP script owned by apache:apache, but it's a trick:

1. Rename that script to something else

2. chmod the clients directory to 0777 (if it isn't already)

3a. Write a PHP script to create the real script by copying from the renamed script. You can use file_get_contents and file_put_contents (I don't know if a simple copy() will work)

3b. chmod the new script to 0666

4. Delete the renamed script

5. chmod the clients directory back to whatever it was before - likely 0755 (if you did step 2)

[rondog]

you my friend are a genius...that totally worked!

[xyph]

A lot of install scripts do this by default. Have all your code in a /_temp/ directory, then the install script reads each file and creates an Apache-owned version in the script's root folder, dumping the contents.