I know that this was topic of some threads. In my case there's a dedicated server available running php as cgi and all files are chown to the appropriate user. I don't want to deactivated Safe Mode but can't change to filesystem storing.

Is there a workaround for storing attachments in the filesystem if Safe Mode is enabled but running PHP as CGI and suexec?

It doesnt matter if the server is running php as a cgi.

Just ad the path as noted in the admincp when setting the safe_mode options.

And it's still not possible - at least with Vbulletin - to use the filesytem for storing attachments when safe mode is enabled.
The problem is that VB creates several directories where the attachments get stored and when safe mode is enabled, the directories may be successfully created, but they can't be accessed.
A workaround would be to edit the PHP files that all attachments get stored in the same directory, without such a modification you'll need to use the Database as storage. :(

My server is configured that permission won't be a problem, so it's just a limitation of vbulletin :( Thanks for the replies.

And it's still not possible - at least with Vbulletin - to use the filesytem for storing attachments when safe mode is enabled.


That is an incorrect statement.

If you have the paths set correctly and permissions set correctly, there is no issue to use the file system for storage when safe_mode is enabled.

He performs a check if safe-mode is enabled. So he blocks the attempt to move the files from database to filesystem.

If this is a dedicated server as you stated in your 1st post, then have your system admin or host correct the issue.

There are no limitations when running safe_mode & filesystem storage, the files go directly to the file system, not to the db, then the file system, there is only a marker i nthe db to state were the file is on the file system.

If you have the paths set correctly and permissions set correctly, there is no issue to use the file system for storage when safe_mode is enabled.

Yes - it completely is incorrect without any doubt because it's even incorrectly stated here http://www.vbulletin.com/docs/html/main/attachment_storage_db_to_fs1

Ever looked how the "uploads" directory looks like ? It's a dir with several sub directories and again sub directories that PHP creates. Now you'll maybe see the problem with "Safe Mode" and accessing directories PHP created itself.

Yes - it completely is incorrect without any doubt because it's even incorrectly stated here http://www.vbulletin.com/docs/html/main/attachment_storage_db_to_fs1

Ever looked how the "uploads" directory looks like ? It's a dir with several sub directories and again sub directories that PHP creates. Now you'll maybe see the problem with "Safe Mode" and accessing directories PHP created itself.


Im sorry, but you are again incorrect, if the server permissions & ownership are correct, there is no issue storing images in the file system & the server running in safe_mode, if you would like me to prove you wrong with your own server, i can show you if you like?

Images != attachments ;)

If you talk about customavatars / customsignaturpics and these directories, that's a single directory.
Attachments or how VB calls it the "uploads" directory - there PHP is called to create a directory structure where the attachments are stored. When Safe Mode is enabled the user running those PHP scripts differs from the User the Webserver is running under so Safe Mode prevents file operations in these directories.
If the user running the PHP scripts doesn't differ from the use the Webserver is running under - let's call that user "dummy" and both PHP and IIS / Apache run as user "dummy" there're for sure other problems than storing attachments in the filesystem or the database.
Let this user own the PHP scripts - sorry - who's doing such stupid things should care about some much more important things first than thinking about where to store attachments.

So yes - feel free to show me how you can bypass Safe Mode - I'll even create a directory with a 777 directory but sorry if I won't change any user / group owners and activate PHP's chown / chmod / system and all the other calls nobody should have activated on it's server.

Why dont you want to deactivate safe mode ?

Its completely pointless on a dedicated server.

In fact, SM is pretty much obsolete anyway, and has been removed in php 6.

Images != attachments ;)
Let this user own the PHP scripts - sorry - who's doing such stupid things should care about some much more important things first than thinking about where to store attachments.

Why would we change ownership on the php files?

Now your jumping to conclusions... I never said anything about changing ownership of files.

Safe Mode uses an UID check / GID can be enabled as well so if the UID of the calling PHP script doesn't match the UID of the directory it should write the process will fail.
And - that should be regarded as "must have" - the UID should be different from the UID Apache or more specific PHP is running under. Though this also means new directories are created with the "PHP UID" - not the "Files UID" if these terms can be used and due of the Safe Mode limitations - well

php.net/manual/en/features.safe-mode.php

Regarding to the entire Safe Mode - Suhosin / mod_sec / suExec might be a better solution :)