Koozali.org: home of the SME Server

PHP script file upload using SME7 and question about selinux

arne
PHP script file upload using SME7 and question about selinux
« on: October 30, 2005, 02:18:19 AM »
The SME 6.0.1 and a number of e-smith/sme revisions before that use a php chroot environment (for security reasons) that restricts the functionality of the php scripts.

If you try to program or install a php script that should make a file upload from the client, you will discover that this will not work. Reason: Linux will by default first try to upload the file to the directory /temp and from there to transfer it to the proper location of the php script from there. Because PHP is running in a security chroot, php will not have access to /temp and there will be no file upload.

One way of handling this situation (on sme 6.0.1 and earlier) is to remove the php chroot entirely. This will reduce security, but on the other hand, most Linux distros do not have this PHP chroot.

Do any of you know if this PHP chroot still exists on the SME 7B5 and if it eventually can be turned off using the same procedure as for the SME 6.0.1? (I have not tried yet, with the 7.0 B5)

What about "selinux"? This is some additional "chroot alike" security functions of the RedHat ES 4 and Centos 4.x. Doing some experimenting on "selinux" on Centos 4.0 my conclusion (as far as I eventually understood things right) was that selinux actually tends to make a lot more problems than it solves. I guess that the selinux "functions" of Centos 4.1 are disabled on SME 7.0 B5. Is this right?

My guess is that the php chroot is still there, and that it can be unlocked like before, and that there is no selinux. Right ... ??

Best reg Arne.

CharlieBrady
Re: PHP script file upload using SME7 and question about sel
« Reply #1 on: October 30, 2005, 04:15:42 PM »
Quote from: "arne"
The SME 6.0.1 and a number of e-smith/sme revisions before that use a php chroot environment (for security reasons) that restricts the functionality of the php scripts.


It's not really a chroot, it's just a restriction on which files can be opened (openbasedir).

Quote

Do any of you know if this PHP chroot still exists on the SME 7B5 and if it eventually can be turned off using the same procedure as for the SME 6.0.1? (I have not tried yet, with the 7.0 B5)


Why don't you try it? Then you'll know, and can let everyone else know

Quote

I guess that the selinux "functions" of Centos 4.1 are disabled on SME 7.0 B5. Is this right?


Correct - see /etc/sysconfig/selinux.
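
An added example, not part of the original thread and not SME Server's own code: a PHP diagnostic that reports whether the upload temp directory is covered by the file-open restriction discussed above. The helper names and the constructed sample values are assumptions made for illustration.

```php
<?php
// Added example: does PHP's upload temp directory lie inside open_basedir?

// Split an open_basedir value into entries (':' on Unix, ';' on Windows).
function basedir_entries($value) {
    $entries = array();
    foreach (explode(PATH_SEPARATOR, (string)$value) as $e) {
        $e = trim($e);
        if ($e !== '') { $entries[] = $e; }
    }
    return $entries;
}

// True if $path is $entry or lies beneath it. Entries are treated as
// directories (assumption: old PHP releases matched them as plain string
// prefixes). Symlinks and relative entries such as "." are not resolved.
function path_within($path, $entry) {
    $p = rtrim($path, '/') . '/';
    $e = rtrim($entry, '/') . '/';
    return strncmp($p, $e, strlen($e)) === 0;
}

// An empty open_basedir means no restriction is configured.
function allowed_by_basedir($path, $open_basedir) {
    $entries = basedir_entries($open_basedir);
    if (count($entries) === 0) { return true; }
    foreach ($entries as $entry) {
        if (path_within($path, $entry)) { return true; }
    }
    return false;
}

// Live settings of the PHP instance that runs this script.
$basedir = (string)ini_get('open_basedir');
$tmp = (string)ini_get('upload_tmp_dir');
if ($tmp === '') { $tmp = sys_get_temp_dir(); } // PHP falls back to the system temp dir

echo "file_uploads    : ", ini_get('file_uploads'), "\n";
echo "open_basedir    : ", ($basedir === '' ? '(not set)' : $basedir), "\n";
echo "upload temp dir : ", $tmp, "\n";
echo allowed_by_basedir($tmp, $basedir)
    ? "Upload temp dir is inside open_basedir.\n"
    : "Upload temp dir is OUTSIDE open_basedir.\n";

// Constructed sample: a site tree that does not include /tmp, then one that does.
$site = '/srv/example-site';                                  // hypothetical path
var_dump(allowed_by_basedir('/tmp', $site));                  // bool(false)
var_dump(allowed_by_basedir('/tmp', $site . PATH_SEPARATOR . '/tmp')); // bool(true)
```

If the temp directory is reported outside, pointing `upload_tmp_dir` at a directory that an `open_basedir` entry covers, or adding the temp directory as an entry, keeps the restriction in place instead of removing it.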

arne
PHP script file upload using SME7 and question about selinux
« Reply #2 on: October 30, 2005, 05:32:09 PM »
Hello mr CharlieBrady !

Thanks for the info. I think I will try to test out the php restriction "problem".

It's just a good thing to try to find out as much as possible before testing ..

By the way .. I think that some of the people that claim that they have to upgrade to a newer PHP version actually are dealing with this security function. (When they experience that their downloaded php application doesn't work as expected.)

Phproject as an example is a good one for testing. (Will the document upload work or will it not ..)

(But I think the security function is a good thing as long as one knows that it is there and how to open it.)

Best reg Arne.