imagejpg & safe mode & chmod()

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

first of all, my provider sucks, newsserver is down for the #nth time
now, offcourse when I have an urgent question.... So this will be me
first time using Google Groups, forgive me if something goes wrong.

The problem at hand:
In a restricted area I let a user upload an image, no problem
The image gets scaled down with imagecopyresampled(), and stored with

Problem is: because of safe_mode restrictions I cannot access it from
the server, only by
I've tried:
directly followed by:

But the same script is also refused chmod().... It should be the same
user that creates the file, but unfortunately safe_mode won't let me
chmod() it.

I'm using referring to the image later on by the URL instead of the
/path/ as a temporary solution to make it work, but now the script
doesn't have any permission to unlink() the file at a later stage,
which is functionality I desperately need. How will I be able to
achieve this?

I thought bout using an FTP connection as a temporary measure, but no
go there:
24-05-06 17:50:55 SITE CHMOD 777 /path/to/image.jpg
24-05-06 17:50:55 550  /path/to/image.jpg: Operation not permitted.

The only solution I can think of right now is to catch imagejpg() in an
output buffer, don't use the filesystem but an ftp-connection to save
the file, and chmod it by ftp afterwards. An ugly solution, but the
only thing workable right now...

open_basedir    /home/user    no value
safe_mode    On    On
safe_mode_exec_dir    /usr/local/php/bin    /usr/local/php/bin
safe_mode_gid    Off    Off
safe_mode_include_dir    no value no value

Yes I have suggested moving to other hosting, no go there.. Changing
basic php.ini settings is unfortunately not an option.

Re: imagejpg & safe mode & chmod() and uploads

Quoted text here. Click to load it

       I'm not sure how you are setup by your description above.
Your provider may have opened some permissions for you on the current
directory you are uploading to?  Normally, assuming PHP is run as a
module in Apache, your scripts will execute as the Apache user and any
file uploaded will be owned by the Apache user.  If your visitors are
able to upload files, either the directory is owned by Apache - or -
it is owned by you with open write permissions to anyone.

       Any attempt to access the file through PHP would fail after
that if safe_mode is On, because your script has a different owner
than the file you want to access.  Any attempt at chmod, from FTP
or even the command line would fail since you do not own the file.
However, and I'm pretty sure of this, if you own the directories,
you are allowed to do a 'rename' and move the file from a directory
you own to another -- or even delete the file from the directory.
Please confirm who owns the files after they are uploaded, and
who the directory owner is and directory permmissions.

John Murtari                              Software Workshop Inc.
jmurtari@following domain 315.635-1968(x-211)  "TheBook.Com" (TM)

Re: imagejpg & safe mode & chmod() and uploads

Hmmmz, newsserver was up for a minute, then down again, oh well:

The exact way thing are made now:

In the object handling the post:

    $makedir = mkdir($_SERVER['DOCUMENT_ROOT'].'/path/to/'.$id, 0777);
     $this->set_error('Could not make directory.');
     return false;
    $chmoddir = chmod($_SERVER['DOCUMENT_ROOT'].'/path/to/'.$id, 0777);
     $this->set_error('Could not set dir's permission');
     return false;
   foreach($_FILES as $file){

$imagehandler is another object, which basically validates, resizes and
    imagejpeg($new, $targetdir.'/'.$targetname);

Instead of this, I've trief touch($targetdir.'/'.$targetname), which
already gives an error.

It seems the same script which has created a dir has limited
permissions in that dir?

I've used this testscript to check some things:


  $dir = $_SERVER['DOCUMENT_ROOT'].'/images/houses/242';
  $file = '/Logo2.jpg';
  $filegroupdir = filegroup ($dir.'/');
  $filegroupfile = filegroup ($dir.$file);
  $userdir = fileowner($dir.'/');
  $userfile = fileowner($dir.$file);

  echo "Own group:".posix_getegid();
  echo "Own user:".posix_geteuid();

  echo "Dir group: ".$filegroupdir;
  echo "File group: ".$filegroupfile;

  echo "Dir user: ".$userdir;
  echo "File user: ".$userfile;

Which outputs:
Warning:  filegroup(): SAFE MODE Restriction in effect.  The script
whose uid is 1149 is not allowed to access /home/user/path/to/image.jpg
owned by uid 65534 in /home/user/path/tesst.php on line 8

Warning:  fileowner(): SAFE MODE Restriction in effect.  The script
whose uid is 1149 is not allowed to access /home/user/path/to/image.jpg
owned by uid 65534 in /home/user/path/tesst.php on line 10

Own group:65534Array
    [name] => nobody
    [passwd] => *
    [members] => Array

    [gid] => 65534
Own user:65534Array
    [name] => nobody
    [passwd] => *
    [uid] => 65534
    [gid] => 65534
    [gecos] => Unprivileged user
    [dir] => /usr/nobody
    [shell] => /sbin/nologin
Dir group: 1004Array
    [name] => group
    [passwd] => *
    [members] => Array

    [gid] => 1004
File group: -snip false-
Dir user: 65534Array
    [name] => 25m_user
    [passwd] => *
    [uid] => 1004
    [gid] => 1004
    [gecos] => User &
    [dir] => /home/25m_user
    [shell] => /usr/bin/true
File user: -snip false-

On trying to delete the image:
Warning: unlink(): SAFE MODE Restriction in effect. The script whose
uid is 1149 is not allowed to access /home/user/path/to/image.jpg
owned by uid 65534

I am very, very confused. I'll have to read up on file/userpermissions
I believe.
Everthing seems to result from a dynamically created dir, in which te
script can write, until it is terminated. Userfilowner seems the same
as myself, but not as the script...

Standard solution as touch($file) before($img,$file) won't work
I'll try creating chmodding only the directory with FTP, and saving the
images dynamically. I'll keep you updated.

Rik Wasmus

Re: imagejpg & safe mode & chmod() and uploads

Letting the script connect by FTP and creating & chmodding the
direcotiry like that will indeed make it possible to access the files
locally or unlink()ing them.

A very ugly solution IMHO, but at this time I'm just relieved that

I really should set up a server with that detestable safe_mode locally
here, this isn't funny when you're supposed to have a finished

I'll be using this snippet at home from now on a think:
$list = ini_get_all();
$phpini = '';
foreach($list as $name => $setting){
    if($setting['access'] > 3){
        $phpini = $name.' =  '.$setting['local_value'],"\n";
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="php.ini"');
echo $phpini;

Site Timeline