Rights issue / safe mode PHP

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

(Suse 9.0, Apache 2.048, PHP 4.3.3 - all default install from SuSe ISO)

I have in my wwwroot folder (/srv/www/htdocs) a folder called counters.
I have embedded a page counter script into several of the webpages I

ls -lias for htdocs, and below the one for htodocs/counters
 5197        1 drwxr-xr-x       8 pjotr  root          480 Aug  1 09:36
 131618    2 drwxrwxrwx    2 pjotr  users          1592 Aug  3 17:23

If I run the counter.php script from a browser (embedded) the counter txt
file  is owned by the web server process:
 131651    4 -rw-r--r--    1 wwwrun   www             2 Aug  3 13:41

If I removed the rxw rights for other on counters, the script fails. So far
I get it, since wwwrun is not in group users.
But then i though, why not change ownership of counters to wwwrun, group to
www and remove rxw for all others.

So I gett
 131618    2 drwxrwxrwx    2 wwwrun   www          1592 Aug  3 17:23

But even before removing rwx for others I get the following error when
running the counter script:
Warning: fopen(): SAFE MODE Restriction in effect. The script whose uid is
500 is not allowed to access /srv/www/htdocs/counters owned by uid 30 in
/srv/www/htdocs/counter.php on line 26

Tempting as it is to disable SAFE MODE I know that is probably not good
practice. What am I missing here ? I just don't get this.
Peraps my entire security setup is not good for this server. Do I have to
change ownership of the higher directories as well ?
I am not too happy about a directory writable and executable to all the
world. I can hardly imagine that is safe practice.
So any help appreciated.


Site Timeline