file_exists returns false when file is owned by other user

chrismcb · **Posted:** Wed Nov 30, 2011 1:39 pm

I'm having an issue just now - and I'm guessing it's either ASL or Suhosin that's causing it - with the file_exists function in PHP.

It will return false when the owner of the file is anything other than the vhost user.

In this instance, it is a WordPress upload, owned by apache:apache.

Changing it to user:psacln, file_exists returns true.

Any advice?

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

I wouldn't have thought it would be ASL or Suhosin.

It seems reasonable to assume that it is actually just PHP, and possibly meant to be that way.

Even though the file exists, php can't access it, so maybe that's why it gets a 0 return code?

I note that http://php.net/manual/en/function.file-exists.php says "This function returns FALSE for files inaccessible due to safe mode restrictions" and goes on to say "The check is done using the real UID/GID instead of the effective one" which I think implies I'm probably right.

There are some code examples on the page that get around this, but that's not what you want with WP.

chrismcb · **Posted:** Thu Dec 01, 2011 5:43 am

Thanks Faris.

That prompted me to double check that my setting of safe_mode = off was actually working.

On this vhost, it isnt!

It has the same settings as other domains in the new Plesk 10 "subscriptions", plus I created a vhost.conf file for it, explicit setting safe_mode to off, but it still reports as turned on!

Code:

php_admin_flag safe_mode off

Any ideas as to why this would still be reported as on?

mikeshinn · **Posted:** Thu Dec 01, 2011 5:45 pm

What are you using to report this? phpinfo, btw, is not reliable so if you are using that dont trust it.

And no, ASL can't do this. In ASL safe mode is globally on or off, it has no capability to apply or not not apply this to specific domains, so you can rule ASL out (and I'm going to move the thread accordingly).

chrismcb · **Posted:** Thu Dec 01, 2011 5:50 pm

It was just a quick php check:

Code:

if( ini_get('safe_mode') ){
echo "Safe mode is on";
}else{
echo "Safe mode is off";
}

On this domain, it echos the off line, when on other domains, the same code echo's on.

I have also disabled all plugins in Wordpress temporarily, just to make sure nothing could be interfering and tested it on a stand-alone script, outside the WP code.

mikeshinn · **Posted:** Thu Dec 01, 2011 6:26 pm

So do you have php safe on globally and other domains report it as on, but not this domain? Are you disabling it for this domain? Just trying to understand the conditions. :-)

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

I don't know if safe_mode can be adjusted from .htaccess but I seem to recall seeing a .htaccess in most WordPress sites. Check there just in case?

chrismcb · **Posted:** Fri Dec 02, 2011 8:00 am

The server has safe_mode on by default, using Plesk's option to disable it for certain domains that need more flexibility (like ones which use WP).

The "safe_mode off" directive is handled by Plesk, but I also put it in vhosts.conf for the domain to test - which should force it off too.

As an aside, can anyone post the content of their file below, running Plesk 10.4.4?
Due to the poor upgrade (As always), this got garbled (my own fault) and I'm wondering now if I've missed a line out when rebuilding it.

Code:

/usr/local/psa/admin/conf/templates/default/service/php.php

Thanks

chrismcb · **Posted:** Mon Dec 05, 2011 6:55 am

Anyone able to help with the file above please?

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

sorry chris!

this is from the *pre-release* 10.4.4 on centos 5, 64bit.

Code:

<IfModule <?php echo $VAR->server->webserver->apache->php4ModuleName ?>>
<?php
if ($OPT['enabled']) {
    echo "php_admin_flag engine on\n";

    if (isset($OPT['settings'])) {
        echo $OPT['settings'];
    }

} else {
    echo "php_admin_flag engine off\n";
}
?>
</IfModule>

<IfModule mod_php5.c>
<?php
if (array_key_exists('enabled', $OPT) && $OPT['enabled']) {
    echo "php_admin_flag engine on\n";

    if (isset($OPT['settings'])) {
        echo $OPT['settings'];
    }

} else {
    echo "php_admin_flag engine off\n";
}
?>
</IfModule>

chrismcb · **Posted:** Thu Dec 08, 2011 7:35 am

Thanks - that sort of matched what I had - but after playing about with all the different vhost.conf settings etc, nothing worked.

I then came across this topic on the Parallels forum:
http://forum.parallels.com/showthread.php?t=100835

Which gave the pretty simple command of:

Code:

# /usr/local/psa/bin/domain --update domain.com -php_safe_mode false

Which worked immediately!

For me, there are just too many places in Plesk for all of these options without enough support - especially since configuration options have changed multiple times since v9!

file_exists returns false when file is owned by other user

Who is online