[TYPO3-english] Configure Typo3 4.2.10 to work with php safe_mode=on

[Peter Russ]

--- Original Nachricht ---
Absender:   De Contardi Riccardo
Datum:       02.12.2009 15:35:
> Hello everybody. I've an urgent problem:
> 
> I need to turn on the "safe mode" in php.ini (safe_mode = on) (I know, I know: it's deprecated since php 5.3, but I use 5.2.4
> on a Linux enviroment), but...doing so Typo3 (ver.4.2.10) is not able to find some essential external programs that allow it to work properly, i.e. sendmail image magick (maybe even catdoc, xlhtml, ppthtml, pdftotext, pdfinfo, too: actually, I haven't checked yet)
> 
> I was not lucky searching a good online documentation on this topic, so can anyone help me to find out how to configure T3 to cohexist "safely" with "safe mode"?
> 
> My configuration is the following:
> 
> allow_url_fopen = off
> open_basedir = /var/www/asseprim:/tmp:/var/lib/typo3_src-4.2.10:/usr/lib/sm.bin
> safe_mode = on
> safe_mode_gid = on
> safe_mode_include_dir = /var/www:/tmp:/var/lib/typo3_src-4.2.10:/usr/lib/ImageMagick-6.3.7:/usr/sbin/sendmail:/etc/alternatives/sendmail:/usr/bin/catdoc:/usr/bin/xlhtml:/usr/bin/ppthtml:/usr/bin/unrtf:/usr/bin/pdftotext:/usr/bin/pdfinfo
> 
> Thank you in advance

Point is that you are not providing pathes but files, e.g 
/etc/alternatives/sendmail

That will never work.

Best solution is to create an additional directory that apache can 
access and symlink all required programs into that: e.g 
/etc/php5/apache2/secure-bin/
and provide that infromation to:
safe_mode_include_dir = /etc/php5/apache2/secure-bin/

Settings we used for testing that worked for us:

drwxr-xr-x  2 root root 4096 Jan  9  2007 .
drwxr-xr-x  3 root root 4096 Jan  9  2007 ..
lrwxrwxrwx  1 root root   18 Jan  9  2007 composite -> /usr/bin/composite
lrwxrwxrwx  1 root root   16 Jan  9  2007 convert -> /usr/bin/convert
lrwxrwxrwx  1 root root   11 Jan  9  2007 gs -> /usr/bin/gs
lrwxrwxrwx  1 root root   17 Jan  9  2007 identify -> /usr/bin/identify
lrwxrwxrwx  1 root root   14 Jan  9  2007 mysql -> /usr/bin/mysql
lrwxrwxrwx  1 root root   18 Jan  9  2007 mysqldump -> /usr/bin/mysqldump
lrwxrwxrwx  1 root root   13 Jan  9  2007 perl -> /usr/bin/perl
lrwxrwxrwx  1 root root   18 Jan  9  2007 sendmail -> /usr/sbin/sendmail
lrwxrwxrwx  1 root root    8 Jan  9  2007 tar -> /bin/tar
lrwxrwxrwx  1 root root   14 Jan  9  2007 touch -> /usr/bin/touch
lrwxrwxrwx  1 root root   15 Jan  9  2007 uptime -> /usr/bin/uptime
lrwxrwxrwx  1 root root   15 Jan  9  2007 whoami -> /usr/bin/whoami
lrwxrwxrwx  1 root root   12 Jan  9  2007 zip -> /usr/bin/zip

Hopes that helps.
That's all I can provide for that obsolete solution.

Peter.

loans that change lives http://www.kiva.org

_____________________________
uon GbR
http://www.uon.li
http://www.xing.com/profile/Peter_Russ