- Add documentation for safe_mode_gid and safe_mode_include_dir (closes #16691).

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@82981 c90b9560-bf6c-de11-be94-00142212c4b1
2025-03-18 18:08:54 +00:00 · 2002-05-20 16:38:40 +00:00 · 2002-05-20 16:38:40 +00:00 · 69cb80001d
commit 69cb80001d
parent ea30f704ff
2 changed files with 102 additions and 15 deletions
--- a/chapters/config.xml
+++ b/chapters/config.xml
@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.52 $ -->
+<!-- $Revision: 1.53 $ -->
 <chapter id="configuration">
  <title>Configuration</title>

@ -845,6 +845,21 @@ include_path=".;c:\www\phplib"
      </listitem>
     </varlistentry>

+     <varlistentry id="ini.safe-mode-gid">
+      <term>
+       <parameter>safe_mode_gid</parameter>
+       <type>boolean</type>
+      </term>
+      <listitem>
+       <para>
+        Whether to use <literal>UID</literal> (<literal>Off</literal>) or
+        <literal>GID</literal> (<literal>On</literal>) checking upon file
+        access. See <link linkend="features.safe-mode">Safe Mode</link> for
+        more information.
+       </para>
+      </listitem>
+     </varlistentry>
+
     <varlistentry id="ini.safe-mode-exec-dir">
      <term>
       <parameter>safe_mode_exec_dir</parameter>
@ -858,6 +873,21 @@ include_path=".;c:\www\phplib"
      </listitem>
     </varlistentry>

+     <varlistentry id="ini.safe-mode-include--dir">
+      <term>
+       <parameter>safe_mode_include_dir</parameter>
+       <type>string</type>
+      </term>
+      <listitem>
+       <para>
+        <literal>UID</literal>/<literal>GID</literal> checks are bypassed when
+        including files from this directory and its subdirectories (directory
+        must also be in <link linkend="ini.include-path">include_path</link>
+        or full path must including).
+       </para>
+      </listitem>
+     </varlistentry>
+
    </variablelist>
   </sect2>

--- a/features/safe-mode.xml
+++ b/features/safe-mode.xml
@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.24 $ -->
+<!-- $Revision: 1.25 $ -->
 <chapter id="features.safe-mode">
  <title>Safe Mode</title>

@ -11,19 +11,67 @@
   especially ISP's, use safe mode for now. 
  </para>
  <para>
-   The configuration directives that control safe mode are: 
-   <programlisting role="ini">
-<![CDATA[
-safe_mode = Off 
-safe_mode_gid = 0
-safe_mode_include_dir =
-safe_mode_exec_dir = 
-open_basedir = 
-safe_mode_allowed_env_vars = PHP_ 
-safe_mode_protected_env_vars = LD_LIBRARY_PATH 
-disable_functions = 
-]]>
-   </programlisting>
+   <table>
+    <title>Configuration directives controlling safe mode are:</title>
+    <tgroup cols="2">
+     <thead>
+      <row>
+       <entry>Directive</entry>
+       <entry>Default value</entry>
+      </row>
+     </thead>
+     <tbody>
+      <row>
+       <entry>
+        <link linkend="ini.safe-mode">safe_mode</link>
+       </entry>
+       <entry><literal>Off</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <link linkend="ini.safe-mode-gid">safe_mode_gid</link>
+       </entry>
+       <entry><literal>0</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <link linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link>
+       </entry>
+       <entry><literal>""</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>
+       </entry>
+       <entry><literal>1</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <link linkend="ini.open-basedir">open_basedir</link>
+       </entry>
+       <entry><literal>""</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <literal>safe_mode_allowed_env_vars</literal>
+       </entry>
+       <entry><literal>PHP_</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <literal>safe_mode_protected_env_vars</literal>
+       </entry>
+       <entry><literal>LD_LIBRARY_PATH</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <literal>disable_functions</literal>
+       </entry>
+       <entry><literal>""</literal></entry>
+      </row>
+     </tbody>
+    </tgroup>
+   </table>
  </para>
  <para>
   When <link linkend="ini.safe-mode">safe_mode</link> is on, PHP checks to see 
@ -51,6 +99,15 @@ allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2
 ]]>
   </screen>
  </para>
+  <para>
+   However, there may be environments where a strict <literal>UID</literal>
+   check is not appropriate and a relaxed <literal>GID</literal> check is
+   sufficient.  This is supported by means of the <link
+   linkend="ini.safe-mode-gid">safe_mode_gid</link> switch. Setting it to
+   <literal>On</literal> performs the relaxed <literal>GID</literal> checking,
+   setting it to <literal>Off</literal> (the default) performs
+   <literal>UID</literal> checking.
+  </para>
  <para>
   If instead of <link linkend="ini.safe-mode">safe_mode</link>, you set an 
   <link linkend="ini.open-basedir">open_basedir</link> directory then all