On Nov 23, 2004, at 4:05 PM, dbw(a)ozreef.org wrote:
Is PHP's
open_base_dir option on, maybe?
From phpinfo.php .....
open_basedir /usr/bin:/home/httpd/vhosts/domain.com/httpdocs
Yes, that would keep you from accessing /tmp. If the TMP environment
variable is not set (or is set to an unreachable directory), and the
images subdirectory is not writable, it will try to use /tmp and fail.
upload_tmp_dir /home/httpd/vhosts/domain.com/httpdocs/tmp
The tmp file exists and should be writable. What chmod should it be?
upload_tmp_dir is not the general /tmp directory; that's where PHP
stores files that have been uploaded in an HTTP POST request with
attached files.
OK, I changed the image directory to 777 and the
installation worked
fine ....
Great!
Should the image directory chmod be changed now? Or
does it have to
stay writable?
It should probably stay writable; if for instance you update
xhtml_slim.pt it will need to recompile the template again. Also you
will need that directory (or equivalent) to be writable if you want to
enable the upload or TeX rendering features.
Is it OK to run the wiki using that instead of the
/tmp directory?
Security wise etc.
The compiled template script file itself is safe, it's a PHP file that
simply defines a function and so shouldn't be able to be executed in a
malicious manner.
If you're on shared hosting and there are other users who can directly
access the filesystem from the web server, perhaps by running arbitrary
shell commands or CGI scripts (bypassing PHP's safe_mode or
open_base_dir restrictions) it's possible that they could write
arbitrary files into your writable directory. (They could also read
your database password in the config files, whether you have a writable
directory or not, if they are able to get direct filesystem access.)
Assuming that other protections are in place and open_base_dir is
sufficient to prevent access to arbitrary filesystem locations by other
users' scripts (it is your hosting provider's job to assure this), then
there should not be any real risk.
Thank you very much for your assistance.
Would I be allowed to put this up onto the installation wiki for this
(MediaWiki)? Or the troubleshooting etc when it is full resolved?
The directions already state that you should make the images directory
writable if /tmp doesn't work, but the warning doesn't (yet) trigger on
the open_base_dir setting.
-- brion vibber (brion @
pobox.com)