Configuration Setting: safemodehack

This tries to solve bug 179 where DokuWiki can not write to directories it created itself. It does so by using FTP to log into your server and creating the directory that way. It requires the FTP PHP module to be installed on the server.

  • Type: Boolean
  • Default: 0
As the name suggests, this is a hack and not recommended. Safemode itself is a setting that even the developers of PHP despise, it will be removed from future PHP versions all together.
If you can, disable PHP's safemode instead of using this hack. Many providers will disable it for your site if you ask them nicely.

When to use this hack


On some hosts with restrictive settings there are limitations on PHP's filesystem functions, e.g. mkdir() etc. To be more specific, the settings are:
  1. safe_mode = On
  2. safe_mode_gid = Off
A first indication for the need of the SafeMode Hack is the encounter of error messages like this:
Writing ....../data/cache/9/9243162ecf6295fc6a1c487ca46c20fe.i failed
The directory …./data/cache/9/ will exist1) but it will not be writable by DokuWiki. This is a typical symptom of the safe mode restriction. DokuWiki can't write to directories created by it self.

Usage


To enable it, set safemodehack to 1 and enter your FTP credentials into the config file. (i.e. conf/local.php Or just go to the Configuration Manager, which offers a great GUI for changing settings of DokuWiki.)
If you have already tried running DokuWiki without the Safemodehack Option, you have to remove the subdirectories of /data/cache to have them recreated with the correct UID in order for everything to work.
Example Config:
$conf['safemodehack'] = 1;
$conf['ftp']['host'] = 'localhost';
$conf['ftp']['port'] = '21';
$conf['ftp']['user'] = 'user';
$conf['ftp']['pass'] = 'password';  // plain text (see below)
$conf['ftp']['root'] = '/home/user';
You may need to relax the directory permissions as well to make sure the webserver is allowed to write to the new directories. The safemodehack alone may not solve the problem, since your FTP user has probably a different UID than the webserver. Change the dmode option from 0755 to 0777 may be required.

Security Warning


Using this method requires your ftp password to be stored in plain text in one of DokuWiki's configuration files. These files may be world readable.
Since Release Candidate 2009-01-26 the password may be obscured2) by being uuencoded. Setting the password using the admin/config settings page will do this automatically.

Which value to use for the root option

When DokuWiki tries to create a directory it strips the root part from the path before creating it over FTP. To do so it needs some info about the environment it will find at your FTP-server.
Imagine you installed DokuWiki in /home/user/htdocs/dokuwiki with /home/user/htdocs/dokuwiki/data as datadir. When you log in with FTP you are chrooted to '/home/user', which means creating a directory /foo through FTP will really result in a directory /home/user/foo on the server. To tell DokuWiki about this you need to set $conf['ftp']['root'] to /home/user/.
So if DokuWiki tries to create the directory /home/user/htdocs/dokuwiki/data/mynamespace the safemode hack strips the root part resulting in htdocs/dokuwiki/data/mynamespace this directory then will be created via FTP.
If your FTP Server doesn't use any chroot (eg. you can cd up to / of the WebServer) you can leave the root option empty.
To find the place where your are chrooted to on a webhost you first have to find out the absolute path in which DokuWiki resides. This is usually something like /srv/www/htdocs/your-ftp-username/html/dokuwiki, but you can find it out, by e.g. checking the PHP environment using this short script:
 phpinfo(); ?>
This will print the webserver's PHP settings on the screen where you will find all the details. When you have the absolute path, log into your FTP account and compare what you see there with this path. Try moving to upper directories until it you reach the top. Now look which part of the absolute path you can see. If you are chrooted you probably can only see the html directory.
So, if for example the username for your webspace is web123, and if you are chrooted to /srv/www/htdocs/web123, you have to set the root value to:
$conf['ftp']['root'] = '/srv/www/htdocs/web123';
 

Notes

  • My ISP has both these safe_mode settings (see one of my sites for php_info), and I create pages with no need for the hack. It may depend on other variables too (mathiasm).
    • Possible Answer: The main difference between my non working settings and those of your ISP is that in your case PHP is run as CGI (Server API: CGI) where as in my case PHP is set up as Apache2 module (Server API: Apache 2.0 Handler). Might that be the cause that makes your installation work despite the safe_mode settings?
  • I did a “mkdir 1 2 3 4 5 6 7 8 9 0 a b c d e f” in data/cache and chmoded all these to 777. This seems to be a workaround, too.
    • This is not really a solution, because DokuWiki needs to create subdirectories for namespaces as well, with the above method you'll still not be able to create new namespaces
    • If you don't need new namespaces, this is a workaround!
  • The safemodehack may only work if you have the possibility of using the ftp service. I tried it with only webdavs available. Neither the ftp-hack nor a similar webdav configuration worked. So I'll have to try something else.

See also

  • 1) check this, if doesn't exist you probably have a different problem
    2) this is not meant to be security, simply to prevent casual revelation
    3) check the disable_functions value in phpinfo output


Category Article

One Response to “c0decstuff”

What's on Your Mind...

Thank f' u C0mment