I am having a similar problem with Windows2000, IIS5, and the latest stable
PHP. I don't believe Safe Mode works in a Windows environment anyways,
because it does not understand Windows permissions as far as ownership.
However, I was told to use the open_basedir option which in php.ini. You
set it to the root of where you want files to be able to be opened from.
For example open_basedir = c:\inetpub\wwwroot\ which would only allow them
to open files located somewhere in that directory or a sub-directory under
it. Or you're supposed to be able to do something like open_basedir = .
which is supposed to tell it that a PHP script can only open files in the
directory and sub-directories where the script resides. This would be the
best option. But this does not work either. So if someone knows how to
secure a Windows 2000/IIS server from allowing people to open files from
anywhere on the server, we would greatly appreciate knowing how.
Erick
"Eric R. Gavin" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I've looked all around on this stuff to no avail. It appears that Safe
Mode
> just isn't working on my machine. I'm running PHP as a CGI executable and
> with the config option:
>
> safe_mode = on
>
> I can still merrily delete files from the root of my C:
>
> Before I get a response of, "Well, just change the file system
privileges."
> It should be pointed out that I'm not doing that so that I can TEST safe
> mode. IIS has a lot of little hidden areas that need to be executable,
> writeable, etc.; and it would be TREMENDOUSLY difficult for me to secure
> this whole thing via file system privs. Enter Safe Mode.
>
> Or so I thought. Safe mode just seems to not be working at all. The UID
of
> the script I'm running is 0 and yet the UID of the root directory is 0.
>
> I AM, however, running all my virtual web servers as their own user. I
have
> confirmed this by denying privileges to Everyone on the root and producing
> failure; and then granting privileges ONLY to the web server "user" for
the
> root and getting success.
>
> So file system privs are working; but I'm confused as to why the uid of
the
> script is 0. This is the case even for a script that is not "owned" (NT
> file system-wise) by the Administrators group.
>
> Am I missing something?
>
> Thanks,
>
> Eric Gavin
>
>
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
