[TYPO3-english] Configure Typo3 4.2.10 to work with php safe_mode=on

Allan Jacobsen Allan.J at cobsen.dk
Wed Dec 2 17:32:27 CET 2009 

Peter Russ skrev:
> --- Original Nachricht ---
> Absender:   De Contardi Riccardo
> Datum:       02.12.2009 15:35:
>> Hello everybody. I've an urgent problem:
>>
>> I need to turn on the "safe mode" in php.ini (safe_mode = on) (I 
>> know, I know: it's deprecated since php 5.3, but I use 5.2.4
>> on a Linux enviroment), but...doing so Typo3 (ver.4.2.10) is not able 
>> to find some essential external programs that allow it to work 
>> properly, i.e. sendmail image magick (maybe even catdoc, xlhtml, 
>> ppthtml, pdftotext, pdfinfo, too: actually, I haven't checked yet)
>>
>> I was not lucky searching a good online documentation on this topic, 
>> so can anyone help me to find out how to configure T3 to cohexist 
>> "safely" with "safe mode"?
>>
>> My configuration is the following:
>>
>> allow_url_fopen = off
>> open_basedir = 
>> /var/www/asseprim:/tmp:/var/lib/typo3_src-4.2.10:/usr/lib/sm.bin
>> safe_mode = on
>> safe_mode_gid = on
>> safe_mode_include_dir = 
>> /var/www:/tmp:/var/lib/typo3_src-4.2.10:/usr/lib/ImageMagick-6.3.7:/usr/sbin/sendmail:/etc/alternatives/sendmail:/usr/bin/catdoc:/usr/bin/xlhtml:/usr/bin/ppthtml:/usr/bin/unrtf:/usr/bin/pdftotext:/usr/bin/pdfinfo 
>>
>>
>> Thank you in advance
>
> Point is that you are not providing pathes but files, e.g 
> /etc/alternatives/sendmail
>
> That will never work.
>
> Best solution is to create an additional directory that apache can 
> access and symlink all required programs into that: e.g 
> /etc/php5/apache2/secure-bin/
> and provide that infromation to:
> safe_mode_include_dir = /etc/php5/apache2/secure-bin/
That should be:
safe_mode_exec_dir = /etc/php5/apache2/secure-bin/
>
> Settings we used for testing that worked for us:
>
> drwxr-xr-x  2 root root 4096 Jan  9  2007 .
> drwxr-xr-x  3 root root 4096 Jan  9  2007 ..
> lrwxrwxrwx  1 root root   18 Jan  9  2007 composite -> /usr/bin/composite
> lrwxrwxrwx  1 root root   16 Jan  9  2007 convert -> /usr/bin/convert
> lrwxrwxrwx  1 root root   11 Jan  9  2007 gs -> /usr/bin/gs
> lrwxrwxrwx  1 root root   17 Jan  9  2007 identify -> /usr/bin/identify
> lrwxrwxrwx  1 root root   14 Jan  9  2007 mysql -> /usr/bin/mysql
> lrwxrwxrwx  1 root root   18 Jan  9  2007 mysqldump -> /usr/bin/mysqldump
> lrwxrwxrwx  1 root root   13 Jan  9  2007 perl -> /usr/bin/perl
> lrwxrwxrwx  1 root root   18 Jan  9  2007 sendmail -> /usr/sbin/sendmail
> lrwxrwxrwx  1 root root    8 Jan  9  2007 tar -> /bin/tar
> lrwxrwxrwx  1 root root   14 Jan  9  2007 touch -> /usr/bin/touch
> lrwxrwxrwx  1 root root   15 Jan  9  2007 uptime -> /usr/bin/uptime
> lrwxrwxrwx  1 root root   15 Jan  9  2007 whoami -> /usr/bin/whoami
> lrwxrwxrwx  1 root root   12 Jan  9  2007 zip -> /usr/bin/zip
>
> Hopes that helps.
> That's all I can provide for that obsolete solution.
>
> Peter.
>

-- 
MVH/Best regards
Allan Jacobsen

http://www.typomedia.dk/ Dedicated TYPO3 hosting

More information about the TYPO3-english mailing list