Re: [cgiwrap-users] cgiwrap and php

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Wed, Aug 29, 2001 at 09:45:24AM +1000, Jack Olszewski wrote:
> <b>Warning</b>:  SAFE MODE Restriction in effect.  The script whose
> uid is 99 is not allowed to access /www/dran/index.php owned by uid
> 502 in <b>/home/dran//E/runphp.cgi</b> on line <b>5</b><br>
> ...
> ---------------------------------------------------------------------
> 
> The question is why php sees the uid of /home/dran//E/runphp.cgi as
> still 99 despite its change into 502 by cgiwrap.
> 
> Hope someone might be able to explain,

I will try to.

1. The message is not from cgiwrap, but from php - that is clear.
   Then it is probably not cgiwrap related, the OT.
2. You have in line 5 of /home/dran//E/runphp.cgi
   something like
    require('/www/dran/index.php');
   where /www/dran/index.php is owned by 502 and /home/dran//E/runphp.cgi
   is owned by 99.

3. Lets check it a while:

% cat > testres.php
<?php
require('/etc/passwd');
?>

% php -f testres.php 
PHP Warning:  SAFE MODE Restriction in effect.  The script whose
  uid is 202 is not allowed to access /etc/passwd owned by uid
  0 in testres.php on line 2

% ls -lan testres.php /etc/passwd
-rw-r--r--   1 0        0              x Aug 27 09:43 /etc/passwd
-rw-r--r--   1 202      200           33 Aug 29 09:37 testres.php

For running the php programs from the cgiwrap, you can try
the patch available at:
  http://www.klaban.torun.pl/patches/cgiwrap/
But I need to check if it compiles cleanly with the last cgiwrap
release - the most recent will be available today.

Best regards,

-- 
Piotr Klaban