Disable safe mode in PHP

[sololb45]

I am trying to disable safe mode in PHP on my server so I can complete the installation of x-cart on my dedicated server. I know there are ways around it through scripting and i have seen a few tutorials on how to do it kind of.

Does anyone know how to disable safe mode in PHP on a dedicated server for just one domain?


HELP

Thanks,
Jamie

 

[poke]

Just create a vhost.conf or for ssl vhost_ssl.conf file containing the code you want reflected.

Really man, I have 4PSA's total domains and its so easy to modify PHP setting. No command line at all.

If this doesn't help, I'm sure someone out there has the code to enter in to a newly created vhost.conf file in your conf dir.

Best Regards,
poke

 

[sololb45]

Sounds easy

It sounds easy enough. Never done it before though. I create the vhost.conf file in what directory? I hope it's not the conf directory because for some reason, I can not get into that folder. And in the vhost.conf file, what exactly should I put for the code? Something like this???

php_admin_value safe_mode 0
php_admin_value open_basedir "/home/httpd/vhosts/www.domain.com/httpdocs/:/"

Still confused...

Thanks
Jamie

EDITED: I just found out from a Plesk engineer that Plesks control panel gets its privilages as a ftp user so the only way to enter the conf file is NOT THROUGH PLESK obviously.

 

[poke]

yes it is the conf dir....... why do you not have access?

 

[sololb45]

PLESK

No access because of plesk. Plesk has the privilieges of a ftp user and that does not include making changes to the conf file in the root. I was trying to avoid this but I am going to have to use PUTTY since my server is UNIX based. I am not any good with PUTTY and have never used it before.

 

[poke]

putty is the bomb.... scp is even better......

I suggest if you are going to start managing linux boxes you get familar with putty and the different *nix commands.

Don't play around on a production box....... If you've never even used putty before, i suggest you ask some real linux admins nearbye what is up or for some help.

I can't give you linux 101, you know. But hang in there, I caught on really quick and before I knew it I was recompiling my kernel's.

Take care,
poke

PS...... try doing a search on this forum for "disable safe mode" i'm sure you'll find plenty.

 

[sololb45]

Thanks

Thanks bro for your help. I am a lot further along now than I was this morning when I came in.

 

[poke]

no problem...

If you want to spiffy up your box ever better and more up-to-date, I would suggest looking at A.R.T.'s rpms at www.atomicrocketturtle.com.....

He has worked his tail off only to offer us some great psa friendly rpms.

Don't go crazy with the MySQL update though, plesk still doesn't support it....

Best Regards,
poke

 

[gerhard@]

Jamie,

I had the same issue with safe_mode. There are a couple of ways to disable it.

I will assume that you know how to SSH into your box. Once you're in, change to root. Then you have 2 options (although I would strongly suggest B. over A.):

A.Server safe_mode off
1. pico /etc/php.ini
2. search for safe_mode = on and change it to safe_mode = off.
3. restart Apache by typing /etc/rc.d/init.d/httpd restart

B.Domain safe_mode off
1. pico /home/httpd/vhosts/domainname.com/conf/httpd.include
2. add php_admin_flag safe_mode off before <IfModule mod_ssl.c>
3. restart Apache by typing /etc/rc.d/init.d/httpd restart

With the 2nd approach, I discovered though that if you restart Plesk/the server etc., the line that you added disappears from httpd.include. No idea why though...

Take care and play safely , Gerhard.

 

[sololb45]

Direction

I am trying to get to here...

pico /home/httpd/vhosts/domainname.com/conf/httpd.include

I am new to SSH and I am using PUTTY.

when I log into root I am left at the command prompt like this...

[[email protected]]#

when I type dir or directory I only get this line...

install.log install.log.syslog psa

I think I am the wrong directory but I don't know how to move around anymore. cd... command does not take me back anymore. I can only go into cd psa.

How do I get to the root base so I can navigate to pico/home/http/ etc.

Help.

Thanks
Jamie

 

[gerhard@]

K Jamie,

pico /home/httpd/vhosts/domainname.com/conf/httpd.include was more like an example. You are supposed to replace domainname.com with the domain name that you want to enable safe_mode for (e.g. pico /home/httpd/vhosts/audioopticsacc.com/conf/httpd.include.

You said you have a dedicated server. If this is the case, I see no reason for you not being able to access everything on that server once you switch to root (type su and then the root password).

Here are some useful commands for you:

pwd - shows your current location (e.g. /home/vhosts)

ls - shows you the content of a certain directory. Use ls -a to view all files/dirs within that dir.

cd - changes directories (e.g. cd .. takes you back 1 level and cd / takes you to the topmost level within your server)

pico - edits files (e.g. pico /home/httpd/vhosts/audioopticsacc.com/conf/httpd.include)

locate - finds files for you (e.g. locate audioopticsacc.com)

Hope this helps , Gerhard.

 

[ad7742]

Note that the following instructions do need _some_ familiarity with Linux (which you admit you don't have, so be careful!). They should work fine, but if anything goes wrong or you get the syntax incorrect, then Apache will not restart. I have added instructions at the bottom for how to remedy this worst-case scenario. I would STRONGLY suggest reading this whole post several time to ensure you understand what's going on before undertaking the task!

Firstly, do not edit httpd.include. This will simply be overwritten by Plesk.

The correct way to do this is to create a new file called vhost.conf in the conf folder, and put the changes in there.

PuTTY into the server and type this:

cd /home/httpd/vhosts/DOMAINNAME/conf
touch vhost.conf
chmod 777 vhost.conf
exit

(Obviously replace DOMAINNAME with the relevant domain name)

The chmod command allows you to edit the vhost.conf file via FTP, so you can use any text editor you like. Do make sure you save the file in UNIX mode, not DOS.

Next, edit that file so that it contains the following:

<Directory /home/httpd/vhosts/DOMAINNAME/>
php_admin_value safe_mode 1
</Directory>

Next you will need to make sure that this file is read in by Apache when it restarts. Those nice people at Plesk have made a script to do this. PuTTY back into the server and type the following:

/usr/local/psa/admin/bin/websrvmng -a

That command tells Plesk to reconfigure Apache to read in your vhost.conf file (for those of you who are interested, it tells Plesk to edit the httpd.include file so that that file automatically includes the vhost.conf file!). Next you must restart Apache. On RedHat you type:

/etc/rc.d/init.d/httpd restart

If Apache doesn't restart properly then something has gone wrong! Your web server is now not functioning, so we need to sort that out! To do this, firstly we must remove the vhost.conf file (which is presumably where the error is). To do this, type in:

rm /home/httpd/vhosts/DOMAINNAME/conf/vhost.conf

Now we must tell Apache to ignore that vhost.conf file, so re-run that command that reconfigures Apache:

/usr/local/psa/admin/bin/websrvmng -a

Finally restart Apache:

/etc/rc.d/init.d/httpd restart

There. Fixed. Now re-read these instructions and try again!

FYI If you want to have safe mode off for the HTTPS version of the site, repeat the above instructions word-for-word, but make the name of the conf file "vhost_ssl.conf". To clarify, if you wanted safe mode off for both HTTP and HTTPS requests, your conf folder would contain three files:

httpd.include
vhost.conf
vhost_ssl.conf

(Actually, it may also contain httpd.include.bak, made by Plesk...)

I hope the above is useful to someone. Any questions, put a post here.

Finally, I would strongly suggest never turning off safe_mode if your client has FTP access. They could install a PHP script and gain SSH access to your server.

[ cheers for the suggestion regarding the restarting Apache, Gerhard ]

 

[gerhard@]

You know your thing ad7742, that's for sure .

I would like to make a single remark though. service might not work. By default, on a RH box, the way to restart Apache is /etc/rc.d/init.d/httpd restart.

I am still wondering how to set .bash_profile to access the functions in /sbin etc. In OS X (based on BSD), I just edit the .profile and it works. Any suggestions ad7742?

Thanks for telling me where to put the php_admin_flag . Now it won't get overwritten by Plesk.

Cheers, Gerhard.

 

[ad7742]

Sorry Gerhard - no real idea on the .profile question - we don't allow any shell access to the server on our hostings here, so I've never had to bugifx that. The only suggestion I can think of is that seeing as Plesk sets a user's home directory to be /home/httpd/vhosts/DOMAINNAME then add the line

PATH=$PATH:/sbin

to .bash_profile within that folder.

Thanks for the suggestion of changing

service httpd restart
to
/etc/rc.d/init.d/httpd restart

I can't recall which RPM provides the service command, but I only started using it recently and have got into the habit! The /etc method is totally reliable, rather than being dependent on the service RPM. Previous post changed to reflect that.

Cheers

Andy

 

[gerhard@]

Yes, PATH=$PATH:/sbin worked . I was using PATH=$PATH:$HOME/sbin and wondered why it wouldn't work - thanks for that Andy.

Even on my server I found that all those commands were installed (service, chkconfig etc.) but the paths weren't set in .bash_profile. With your suggestion, I got it sorted .

All best, Gerhard.

 

[Matt356]

Just an addition to the very helpful note - if safe mode is on for the server, you should be writing:

php_admin_value safe_mode 0 (not 1)

if you want it off for the domain.

 

[Linulex]

Just a note on security.

NEVER NEVER NEVER disable safe mode for the whole server in php.ini. One idiot with a phpbb (or simular) that forgets one security upgrade and your server is hacked.

Disable it according the instructions ad7742 layd out on a per domain basis. And make sure you check up on those domains what they have installed and if they always have the latest version.

Disabling safe mode for a complete server is the same as posting your root password on your site.

regards
Jan

 

[DaveNET@]

Hello.

I've followed the instructions here to turn off Safe Mode for a domain.

However, when I try the site, I'm still getting safe mode restriction errors as follows:

Warning: dir(): SAFE MODE Restriction in effect. The script whose uid is 10053 is not allowed to access /var/www/vhosts/FakeDomain.com/httpdocs/CNP/vendors//carnival_cruise_line/SPECIALS owned by uid 48 in /var/www/vhosts/FakeDomain.com/httpdocs/CNP/cpanel/common.php on line 56

Warning: dir(/var/www/vhosts/FakeDomain.com/httpdocs/CNP/vendors//carnival_cruise_line/SPECIALS): failed to open dir: Success in /var/www/vhosts/FakeDomain.com/httpdocs/CNP/cpanel/common.php on line 56

Fatal error: Call to a member function on a non-object in /var/www/vhosts/FakeDomain.com/httpdocs/CNP/cpanel/common.php on line 58

This is a Debian server newly installed over the weekend.

David

 

[muchofaiko]

I was told to read your(ad7742) reply to solve this safe mode problem on this webpage, but I have a question;

PUTTY only allows me to log on as root and I cannot switch to my other domain(user ID), where I want to change safe mode setting. Is there a way to access the non-root domain via PUTTY? I did "su - client2" and typed the password but it just doesnt change anything.

I have just started learning UNIX, and my question might be silly to you but will you please help me with this?

Thanks!
Aiko

 

[ott0]

one other thing to add to ad7742's description: it is recommended that you use php_admin_flag instead of php_admin_value to set boolean config options.

oh, i think someone already said that.