mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-16 00:48:54 +00:00
- Add documentation for safe_mode_gid and safe_mode_include_dir (closes #16691).
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@82981 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
parent
ea30f704ff
commit
69cb80001d
2 changed files with 102 additions and 15 deletions
|
@ -1,5 +1,5 @@
|
|||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!-- $Revision: 1.52 $ -->
|
||||
<!-- $Revision: 1.53 $ -->
|
||||
<chapter id="configuration">
|
||||
<title>Configuration</title>
|
||||
|
||||
|
@ -845,6 +845,21 @@ include_path=".;c:\www\phplib"
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry id="ini.safe-mode-gid">
|
||||
<term>
|
||||
<parameter>safe_mode_gid</parameter>
|
||||
<type>boolean</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Whether to use <literal>UID</literal> (<literal>Off</literal>) or
|
||||
<literal>GID</literal> (<literal>On</literal>) checking upon file
|
||||
access. See <link linkend="features.safe-mode">Safe Mode</link> for
|
||||
more information.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry id="ini.safe-mode-exec-dir">
|
||||
<term>
|
||||
<parameter>safe_mode_exec_dir</parameter>
|
||||
|
@ -858,6 +873,21 @@ include_path=".;c:\www\phplib"
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry id="ini.safe-mode-include--dir">
|
||||
<term>
|
||||
<parameter>safe_mode_include_dir</parameter>
|
||||
<type>string</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>UID</literal>/<literal>GID</literal> checks are bypassed when
|
||||
including files from this directory and its subdirectories (directory
|
||||
must also be in <link linkend="ini.include-path">include_path</link>
|
||||
or full path must including).
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</sect2>
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!-- $Revision: 1.24 $ -->
|
||||
<!-- $Revision: 1.25 $ -->
|
||||
<chapter id="features.safe-mode">
|
||||
<title>Safe Mode</title>
|
||||
|
||||
|
@ -11,19 +11,67 @@
|
|||
especially ISP's, use safe mode for now.
|
||||
</para>
|
||||
<para>
|
||||
The configuration directives that control safe mode are:
|
||||
<programlisting role="ini">
|
||||
<![CDATA[
|
||||
safe_mode = Off
|
||||
safe_mode_gid = 0
|
||||
safe_mode_include_dir =
|
||||
safe_mode_exec_dir =
|
||||
open_basedir =
|
||||
safe_mode_allowed_env_vars = PHP_
|
||||
safe_mode_protected_env_vars = LD_LIBRARY_PATH
|
||||
disable_functions =
|
||||
]]>
|
||||
</programlisting>
|
||||
<table>
|
||||
<title>Configuration directives controlling safe mode are:</title>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>Directive</entry>
|
||||
<entry>Default value</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>
|
||||
<link linkend="ini.safe-mode">safe_mode</link>
|
||||
</entry>
|
||||
<entry><literal>Off</literal></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<link linkend="ini.safe-mode-gid">safe_mode_gid</link>
|
||||
</entry>
|
||||
<entry><literal>0</literal></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<link linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link>
|
||||
</entry>
|
||||
<entry><literal>""</literal></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>
|
||||
</entry>
|
||||
<entry><literal>1</literal></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<link linkend="ini.open-basedir">open_basedir</link>
|
||||
</entry>
|
||||
<entry><literal>""</literal></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<literal>safe_mode_allowed_env_vars</literal>
|
||||
</entry>
|
||||
<entry><literal>PHP_</literal></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<literal>safe_mode_protected_env_vars</literal>
|
||||
</entry>
|
||||
<entry><literal>LD_LIBRARY_PATH</literal></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<literal>disable_functions</literal>
|
||||
</entry>
|
||||
<entry><literal>""</literal></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</para>
|
||||
<para>
|
||||
When <link linkend="ini.safe-mode">safe_mode</link> is on, PHP checks to see
|
||||
|
@ -51,6 +99,15 @@ allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2
|
|||
]]>
|
||||
</screen>
|
||||
</para>
|
||||
<para>
|
||||
However, there may be environments where a strict <literal>UID</literal>
|
||||
check is not appropriate and a relaxed <literal>GID</literal> check is
|
||||
sufficient. This is supported by means of the <link
|
||||
linkend="ini.safe-mode-gid">safe_mode_gid</link> switch. Setting it to
|
||||
<literal>On</literal> performs the relaxed <literal>GID</literal> checking,
|
||||
setting it to <literal>Off</literal> (the default) performs
|
||||
<literal>UID</literal> checking.
|
||||
</para>
|
||||
<para>
|
||||
If instead of <link linkend="ini.safe-mode">safe_mode</link>, you set an
|
||||
<link linkend="ini.open-basedir">open_basedir</link> directory then all
|
||||
|
|
Loading…
Reference in a new issue