PHP's safe_mode can't access /tmp

[mimic]

Hello!

Since a few weeks ago, we're getting errors when we try to run our customers in safe_mode.

Warning: session_start() [function.session-start]: SAFE MODE Restriction in effect. The script whose uid is 1038 is not allowed to access /tmp owned by uid 0 in /home/--customer--/domains/---domainname---/public_html/config/config.php on line 26

We'd like to run our customers in safe_mode, because some can have faulty php-scripts, which can compromise the server's security.

We had to disable safe_mode on all domains to ensure good working of the sites that use the session_start() function.

As a test, i've chmodded /tmp to 777, but that didn't help.

drwxrwxrwt 4 root root 217088 2010-08-12 11:21 tmp

When the domain is not in safe_mode, the sessions can be created.

And, I'm not completely sure, we run php chrooted.

Where do I begin to resolve this matter?

 

[mimic]

Can somebody help? *bump*

 

[yourivdlans]

I ran into the same problem today, had to disable safe_mode everywhere.
Does anyone have a solution for this?

 

[SeLLeRoNe]

create a tmp directory in your public_html and let php script point there? Should be a working workaround with safemode.

Regards

 

[mimic]

After mailing with DirectAdmin support a while ago, we figured out the problem lied within the php.ini.

Could you post a link to a php file on your server with <? phpinfo(); ?> please?

 

[SeLLeRoNe]

to mine phpinfo? Why that should be necessary?

 

[mimic]

Wanted to check if the same problem occured to you. This is what John mailed me:

Hello,

In the output you've provided, I'm seeing this:

session.save_path no value no value

It should be showing us /tmp.

Check your php.ini, and any .htaccess files, or script configs that may be affecting this.

Note that the ; character mean to be "commented out" in the php.ini

Ensure to restart apache after making a change.

Thank you,

John

 

[SeLLeRoNe]

In mine php.ini ive got this

;session.save_path = "/tmp"

And is commented aswell...

 

[mimic]

Uncomment that. Save the file and restart apache.

Turn on safe_mode again for a website, and test if it works. If not, post the error here.

 

[SeLLeRoNe]

Why i should change my configuration on a production server that isw working correctly?

Ive all customer with safe_mode ON and no problem facing,

My /tmp is:

drwxrwxrwt   6 root root 1142784  9 mag 12:09 tmp

If your session_path is disabled aswell your problem is not in php.ini i suppose.

Regards