What Is Safe Mode In PHP: Need For Disabling/Enabling PHP Safe Mode

What is safe mode in PHP?

The PHP safe mode is an attempt to solve the shared-server security problem. When safe mode is on, PHP checks to see if the owner of the current script matches the owner of the file to be operated on by a file function or its directory. For example:

-rw-rw-r-- 1 sam sam 33 Jul 1 19:20 test.php
-rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd

Running test.php:

<?php
readfile('/etc/passwd');
?>

results in this error when safe mode is enabled:

Warning: SAFE MODE Restriction in effect. The script whose uid is 600 is not
allowed to access /etc/passwd owned by uid 0 in /home/www/script.php on line 2.

But, safe mode restrictions often results in many problems and reduced performance. The Content Management Systems like “Joomla installation” will not work when safe mode is enabled. The core problem with safe mode is its inconsistency; some basic functions required by web scripts would simply not work with PHP safe mode enabled. Because of the limitations, this feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

How to enable/disable PHP safe mode?

In order to enable or disable safe mode, you need to edit the PHP configuration file, php.ini.

1. Find the location of system php.ini file

Execute the following command to find the php.ini location:

php –i | grep php.ini

2. Add the following line in php.ini

To enable safe_mode,

safe_mode = On

To disable safe_mode,

safe_mode = Off

3. Test it with the help of phpinfo.php

Contents of phpinfo.php script:

<?php

phpinfo();

?>

The other security measures provided by PHP - open_basedir and disable_functions - can be used as an alternatives to safe_mode.

Bobbin Zachariah 4:11 pm

About Bobbin Zachariah

Founder of LinOxide, passionate lover of Linux and technology writer. Started his career in Linux / Opensource from 2000. Love traveling, blogging and listening music. Reach Bobbin Zachariah about me page and google plus page.

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.