From 69cb80001df1b17c8582ff650410d9bdfcfebc68 Mon Sep 17 00:00:00 2001 From: Markus Fischer Date: Mon, 20 May 2002 16:38:40 +0000 Subject: [PATCH] - Add documentation for safe_mode_gid and safe_mode_include_dir (closes #16691). git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@82981 c90b9560-bf6c-de11-be94-00142212c4b1 --- chapters/config.xml | 32 +++++++++++++++- features/safe-mode.xml | 85 +++++++++++++++++++++++++++++++++++------- 2 files changed, 102 insertions(+), 15 deletions(-) diff --git a/chapters/config.xml b/chapters/config.xml index f54e80d251..3422486d71 100644 --- a/chapters/config.xml +++ b/chapters/config.xml @@ -1,5 +1,5 @@ - + Configuration @@ -845,6 +845,21 @@ include_path=".;c:\www\phplib" + + + safe_mode_gid + boolean + + + + Whether to use UID (Off) or + GID (On) checking upon file + access. See Safe Mode for + more information. + + + + safe_mode_exec_dir @@ -858,6 +873,21 @@ include_path=".;c:\www\phplib" + + + safe_mode_include_dir + string + + + + UID/GID checks are bypassed when + including files from this directory and its subdirectories (directory + must also be in include_path + or full path must including). + + + + diff --git a/features/safe-mode.xml b/features/safe-mode.xml index 77c18c1b9d..b4703ea6af 100644 --- a/features/safe-mode.xml +++ b/features/safe-mode.xml @@ -1,5 +1,5 @@ - + Safe Mode @@ -11,19 +11,67 @@ especially ISP's, use safe mode for now. - The configuration directives that control safe mode are: - - - + + Configuration directives controlling safe mode are: + + + + Directive + Default value + + + + + + safe_mode + + Off + + + + safe_mode_gid + + 0 + + + + safe_mode_include_dir + + "" + + + + safe_mode_exec_dir + + 1 + + + + open_basedir + + "" + + + + safe_mode_allowed_env_vars + + PHP_ + + + + safe_mode_protected_env_vars + + LD_LIBRARY_PATH + + + + disable_functions + + "" + + + +
When safe_mode is on, PHP checks to see @@ -51,6 +99,15 @@ allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2 ]]> + + However, there may be environments where a strict UID + check is not appropriate and a relaxed GID check is + sufficient. This is supported by means of the safe_mode_gid switch. Setting it to + On performs the relaxed GID checking, + setting it to Off (the default) performs + UID checking. + If instead of safe_mode, you set an open_basedir directory then all