The PHP safe mode is an attempt to solve the shared-server security problem. When safe mode is on, PHP checks to see if the owner of the current script matches the owner of the file to be operated on by a file function or its directory. For example:
-rw-rw-r-- 1 sam sam 33 Jul 1 19:20 test.php
-rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd
results in this error when safe mode is enabled:
Warning: SAFE MODE Restriction in effect. The script whose uid is 600 is not
allowed to access /etc/passwd owned by uid 0 in /home/www/script.php on line 2.
But, safe mode restrictions often results in many problems and reduced performance. The Content Management Systems like “Joomla installation” will not work when safe mode is enabled. The core problem with safe mode is its inconsistency; some basic functions required by web scripts would simply not work with PHP safe mode enabled. Because of the limitations, this feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
How to enable/disable PHP safe mode?
In order to enable or disable safe mode, you need to edit the PHP configuration file, php.ini.
1. Find the location of system php.ini file
Execute the following command to find the php.ini location:
php –i | grep php.ini
2. Add the following line in php.ini
To enable safe_mode,
safe_mode = On
To disable safe_mode,
safe_mode = Off
3. Test it with the help of phpinfo.php
Contents of phpinfo.php script:
The other security measures provided by PHP - open_basedir and disable_functions - can be used as an alternatives to safe_mode.