Hi,
I'd like to ask if it's possible to run somehow a web-side part of cacti 0.8 with PHP in safe_mode ON.
Everything works fine in safe_mode ON except graph generation - graphs are not generated and in httpd error log appears:
ERROR: can't parse '-'
ERROR: can't parse '-'
ERROR: can't parse '-'
ERROR: can't parse '-'
I use Apache 1.3.27, PHP 4.3.2 and cacti 0.8
Thanks for any suggestions,
Petr
cacti in safe_mode
Moderators: Developers, Moderators
When I teoreticly analyzed cacti, I get this idea: cacti becomes of two part - a command part, which is called from cron - interpreted by CLI PHP, where safe mode is OFF - this part gets data from PERL and other scripts and stores them in database. In this step everything works fine.
Second part (run by httpd and PHP with safe mode ON) gets data from database and generates graphs. I guess there is the problem I sent last time (ERROR: can't parse '-' and graphs are not generated). I really don't know what's going on in cacti code... But is it really necessary to call system functions in web-side part of cacti?
Second part (run by httpd and PHP with safe mode ON) gets data from database and generates graphs. I guess there is the problem I sent last time (ERROR: can't parse '-' and graphs are not generated). I really don't know what's going on in cacti code... But is it really necessary to call system functions in web-side part of cacti?
I guess I was not thinking completely when I posted my original response. You are right... I only use backticks in the command line only cmd.php. From the web frontend, I use popen() to call RRDTool to generate graphs, which is supported by safe_mode I believe.
I will try and test this on my PHP installation tonight/tomorrow.
-Ian
I will try and test this on my PHP installation tonight/tomorrow.
-Ian
safe-mode, any news?
Hi raX,
I'd like to ask if there is anything new in safe-mode problem?
I tried some laboring on cacti last night but with no effect ;(
I'd like to ask if there is anything new in safe-mode problem?
I tried some laboring on cacti last night but with no effect ;(
cacti, safe_fome function replacement suggestion ;)
Hi raX!
I played with cacti under safe_mode again and as described in PHP documentation thare's no way how to get work the shell_exec() function under safe_mode ON.
I tried to look for another function similar to shell_exec() and found function passthru http://cz.php.net/manual/en/function.passthru.php. I believe this one should work if safe_mode_include_dir includes required bin's or symlinks (rrdtool, snmpwalk, snmpget, etc.)
What do you think about this idea?
Have a nice weekend
I played with cacti under safe_mode again and as described in PHP documentation thare's no way how to get work the shell_exec() function under safe_mode ON.
I tried to look for another function similar to shell_exec() and found function passthru http://cz.php.net/manual/en/function.passthru.php. I believe this one should work if safe_mode_include_dir includes required bin's or symlinks (rrdtool, snmpwalk, snmpget, etc.)
What do you think about this idea?
Have a nice weekend
-
koitsu
local non safe-mode for cacti
There is still possibility to run Cacti in "local" non safe-mode which should be set in Apache's VirtualHost via php_admin flag.
I use that on our production server where PHP runs in safe mode globally.
example:
<VirtualHost some_ip>
ServerName some_name
DocumentRoot some_place
php_admin_flag safe_mode off
</VirtualHost>
raX: I'm not sure if it's documented but if not I suggest to release a list of executable bins that cacti uses/requires for people who runs PHP in safe mode or chrooted Apache/PHP
I use that on our production server where PHP runs in safe mode globally.
example:
<VirtualHost some_ip>
ServerName some_name
DocumentRoot some_place
php_admin_flag safe_mode off
</VirtualHost>
raX: I'm not sure if it's documented but if not I suggest to release a list of executable bins that cacti uses/requires for people who runs PHP in safe mode or chrooted Apache/PHP
-
Guest
here's an example of the thing i think causes the problem:
----------
/somewhere/rrdtool graph - \
--imgformat=PNG \
--start=-86400 \
--end=-300 \
--title="Localhost - Processes" \
....
...
..
----------
This tries to write the graph in standart out / due to the '-' thing after the 'graph' / and in safe mode it can't. I must notice that this is so even if the 'HTML Export Path' is set. If cacti tries to write the graphs only in the specified path, i believe this problem could be solved. Although there might pop others - but if graph_image.php could check if there is something in that path and if there is - to use the graphics there as a source of the img, rather than trying to write them on the fly.
Unfortunately i still can't find a way to make it write the graphs in the specified path only.
Just a try.. I might not even look at the right direction..
----------
/somewhere/rrdtool graph - \
--imgformat=PNG \
--start=-86400 \
--end=-300 \
--title="Localhost - Processes" \
....
...
..
----------
This tries to write the graph in standart out / due to the '-' thing after the 'graph' / and in safe mode it can't. I must notice that this is so even if the 'HTML Export Path' is set. If cacti tries to write the graphs only in the specified path, i believe this problem could be solved. Although there might pop others - but if graph_image.php could check if there is something in that path and if there is - to use the graphics there as a source of the img, rather than trying to write them on the fly.
Unfortunately i still can't find a way to make it write the graphs in the specified path only.
Just a try.. I might not even look at the right direction..
Who is online
Users browsing this forum: No registered users and 3 guests