From 69cb80001df1b17c8582ff650410d9bdfcfebc68 Mon Sep 17 00:00:00 2001
From: Markus Fischer <mfischer@php.net>
Date: Mon, 20 May 2002 16:38:40 +0000
Subject: [PATCH] - Add documentation for safe_mode_gid and
 safe_mode_include_dir (closes #16691).

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@82981 c90b9560-bf6c-de11-be94-00142212c4b1
---
 chapters/config.xml    | 32 +++++++++++++++-
 features/safe-mode.xml | 85 +++++++++++++++++++++++++++++++++++-------
 2 files changed, 102 insertions(+), 15 deletions(-)

diff --git a/chapters/config.xml b/chapters/config.xml
index f54e80d251..3422486d71 100644
--- a/chapters/config.xml
+++ b/chapters/config.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.52 $ -->
+<!-- $Revision: 1.53 $ -->
  <chapter id="configuration">
   <title>Configuration</title>
 
@@ -845,6 +845,21 @@ include_path=".;c:\www\phplib"
       </listitem>
      </varlistentry>
 
+     <varlistentry id="ini.safe-mode-gid">
+      <term>
+       <parameter>safe_mode_gid</parameter>
+       <type>boolean</type>
+      </term>
+      <listitem>
+       <para>
+        Whether to use <literal>UID</literal> (<literal>Off</literal>) or
+        <literal>GID</literal> (<literal>On</literal>) checking upon file
+        access. See <link linkend="features.safe-mode">Safe Mode</link> for
+        more information.
+       </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry id="ini.safe-mode-exec-dir">
       <term>
        <parameter>safe_mode_exec_dir</parameter>
@@ -858,6 +873,21 @@ include_path=".;c:\www\phplib"
       </listitem>
      </varlistentry>
 
+     <varlistentry id="ini.safe-mode-include--dir">
+      <term>
+       <parameter>safe_mode_include_dir</parameter>
+       <type>string</type>
+      </term>
+      <listitem>
+       <para>
+        <literal>UID</literal>/<literal>GID</literal> checks are bypassed when
+        including files from this directory and its subdirectories (directory
+        must also be in <link linkend="ini.include-path">include_path</link>
+        or full path must including).
+       </para>
+      </listitem>
+     </varlistentry>
+
     </variablelist>
    </sect2>
 
diff --git a/features/safe-mode.xml b/features/safe-mode.xml
index 77c18c1b9d..b4703ea6af 100644
--- a/features/safe-mode.xml
+++ b/features/safe-mode.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.24 $ -->
+<!-- $Revision: 1.25 $ -->
  <chapter id="features.safe-mode">
   <title>Safe Mode</title>
 
@@ -11,19 +11,67 @@
    especially ISP's, use safe mode for now. 
   </para>
   <para>
-   The configuration directives that control safe mode are: 
-   <programlisting role="ini">
-<![CDATA[
-safe_mode = Off 
-safe_mode_gid = 0
-safe_mode_include_dir =
-safe_mode_exec_dir = 
-open_basedir = 
-safe_mode_allowed_env_vars = PHP_ 
-safe_mode_protected_env_vars = LD_LIBRARY_PATH 
-disable_functions = 
-]]>
-   </programlisting>
+   <table>
+    <title>Configuration directives controlling safe mode are:</title>
+    <tgroup cols="2">
+     <thead>
+      <row>
+       <entry>Directive</entry>
+       <entry>Default value</entry>
+      </row>
+     </thead>
+     <tbody>
+      <row>
+       <entry>
+        <link linkend="ini.safe-mode">safe_mode</link>
+       </entry>
+       <entry><literal>Off</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <link linkend="ini.safe-mode-gid">safe_mode_gid</link>
+       </entry>
+       <entry><literal>0</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <link linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link>
+       </entry>
+       <entry><literal>""</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>
+       </entry>
+       <entry><literal>1</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <link linkend="ini.open-basedir">open_basedir</link>
+       </entry>
+       <entry><literal>""</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <literal>safe_mode_allowed_env_vars</literal>
+       </entry>
+       <entry><literal>PHP_</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <literal>safe_mode_protected_env_vars</literal>
+       </entry>
+       <entry><literal>LD_LIBRARY_PATH</literal></entry>
+      </row>
+      <row>
+       <entry>
+        <literal>disable_functions</literal>
+       </entry>
+       <entry><literal>""</literal></entry>
+      </row>
+     </tbody>
+    </tgroup>
+   </table>
   </para>
   <para>
    When <link linkend="ini.safe-mode">safe_mode</link> is on, PHP checks to see 
@@ -51,6 +99,15 @@ allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2
 ]]>
    </screen>
   </para>
+  <para>
+   However, there may be environments where a strict <literal>UID</literal>
+   check is not appropriate and a relaxed <literal>GID</literal> check is
+   sufficient.  This is supported by means of the <link
+   linkend="ini.safe-mode-gid">safe_mode_gid</link> switch. Setting it to
+   <literal>On</literal> performs the relaxed <literal>GID</literal> checking,
+   setting it to <literal>Off</literal> (the default) performs
+   <literal>UID</literal> checking.
+  </para>
   <para>
    If instead of <link linkend="ini.safe-mode">safe_mode</link>, you set an 
    <link linkend="ini.open-basedir">open_basedir</link> directory then all