From Local Server Method Error Message & Misc

MjrNuT

Joined: 2009-09-12
Posts: 11
Posted: Tue, 2009-09-15 08:11

Hello,

My G2 is for the most part successfully embedded within my Drupal 6.x CMS.

I've only encountered a few items that have become unresolved. Please see below and do not hesitate to ask for more information:

1. I have specified 3 different directories to be used for FTP upload of images, which then use From Local Server option to add Items. All 3 directories were verified to have 755 permissions.

/home/4g2data <==outside public_html
/home/public_ftp/incoming <===outside public_html
/home/public_html/gallery2/tmp <===inside the G2 install.

Error message attached for review.

2. The G2 photo content is desired to be private. Access is not granted to anonymous or guest. Via Drupal, this works correctly. However, using direct URL to G2 location is not blocked. Am I correct in that this is a .htaccess file issue, which the drupal module was not complete about?

3. Using Matrix theme only and cannot figure out how to remove the Login Link. Info here did not apply. NO Login Block was enabled.

Thanks in advance to your response.

AttachmentSize
LocalServerMsg.jpg190.21 KB
 
nivekiam
nivekiam's picture

Joined: 2002-12-10
Posts: 16504
Posted: Tue, 2009-09-22 13:12

1) open_basedir restrictions are in effect. Some setup on your server is interfering with how gallery gets it's data about the location of the files.

2) I know nothing about Drupal integration. Make sure it works in G2 standalone by editing the permissions.

3) search the forums, someone posted something recently about this. You can also use CSS to hide it.
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here
 
MjrNuT

Joined: 2009-09-12
Posts: 11
Posted: Wed, 2009-09-23 00:25

nivekiam,

Thanks for your reply and let me provide some updated information.

1) I got my host involved in an attempt to resolve this issue. Here are some excerpts from my support ticket to explain this as I'm not versed in it, so I'm sorry if it is deemed unneccessary:

Quote:
I can't tell you why Gallery2 is trying to do this but what it is doing is:

>>> * warning: realpath() [function.realpath]: open_basedir restriction in effect. File(/) is not within the allowed path(s): (/home/molimboc:/usr/lib/php:/usr/bin:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp) in /home/molimboc/public_html/gallery2/modules/core/classes/GalleryPlatform.class on line 938.

It is trying to access something in / (off limits)

>>> * warning: realpath() [function.realpath]: open_basedir restriction in effect. File(/home) is not within the allowed path(s): (/home/molimboc:/usr/lib/php:/usr/bin:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp) in /home/molimboc/public_html/gallery2/modules/core/classes/GalleryPlatform.class on line 938.

It is trying to access somethign in /home (again, off limits).

I can't tell you why it is trying to do this, only Gallery2 Support would be able to do so. PHP_Open_Basedir allows you to only access files within your local account otherwise you would be able to open and read any file anywhere on the server using PHP which is obviously a major security issue.

Quote:
It looks like the script is testing each and every directory all the way down to hte server base directory (/), I'm not sure why it is doing this but you should contact Gallery2 support to see what they have to say about it. It's not something that we can disable for very serious security reasons but if there is some sort of work-around for your account or this script in particular we will do what we can to put it in place.

Quote:
What I find tremendously odd is that we have configured open_basedir for Gallery2 - the directories it is trying to access which are "/" and "/home" are not something that we would ever give Gallery2 access to. Please contact Gallery2 support and ask them why the "realpath" function is trying to access these folders.

I was able to code a small work-around for the file that would prevent checks on those directories but it would be best to obtain something from Gallery2.

Can G2 Support address this?

Sidenote: Despite the displayed error message, which only occurs when I select the folder for which to import photos, the photos and albums import just fine w/o issue.

2) Issue is resolved. Nothing further.

3) Issue is resolved by editing config.php of the G2 installation.
 
nivekiam
nivekiam's picture

Joined: 2002-12-10
Posts: 16504
Posted: Wed, 2009-09-23 02:06

http://us2.php.net/manual/en/function.realpath.php

Quote:
realpath() expands all symbolic links and resolves references to '/./', '/../' and extra '/' characters in the input path . and return the canonicalized absolute pathname.

We'd need to know more about your system's setup. Post a link to phpinfo:
FAQ: How do I create a phpinfo page?

Their setup with open_basedir is different than 1000s of other hosts who have Gallery installed with open_basedir restrictions in place. What I'm saying is Gallery2 is successfully installed on 100,000s of websites that have open_basedir restrictions in place without problems.

Gallery does "autofill" in paths when you are typing them in places like when you are specifying a directory to import from for the Local Server upload method. However, on systems that have open_basedir restrictions in effect that I've seen, the "autofill" feature just doesn't work.

Also, "securing" a system like this is quite aggravating. If they allow ANY other programming language to run on their servers, like Perl or Python, which your host does, there goes all of this "security" out the door. The only true and real security comes at securing permissions at the file system level. Running php in something like php-cgiwrap to run PHP as the user's account instead of "nobody" or who ever Apache (or what ever web server) is configured to run as. Again that only secures PHP, but you can even go so far as to run Apache process as the individual users. There are advantages and disadvantages to all of these avenues and each host has to weigh these and decide on what they are going to do.
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here
 
MjrNuT

Joined: 2009-09-12
Posts: 11
Posted: Wed, 2009-09-23 06:40

Hello again nivekiam,

Thanks again for your reply on this. Firt, my phpinfo

When selecting my directory for the photos, it did autofill.

Sidenote, it took some configuring effort on the host's part to get Imagick to work.

Please let me know what recommendations to provide to my host or that I can implement myself.

Very much appreciate your time.
 
nivekiam
nivekiam's picture

Joined: 2002-12-10
Posts: 16504
Posted: Wed, 2009-09-23 12:25

Is /home/UserName/public_html a real directory under your home account or a symlink to another location like /var/www/UserName/?
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here
 
MjrNuT

Joined: 2009-09-12
Posts: 11
Posted: Wed, 2009-09-23 20:19

It is the real directory.
 
MjrNuT

Joined: 2009-09-12
Posts: 11
Posted: Sat, 2009-10-03 01:30

Hello nivekiam,

Sorry for the bump. Was wondering if you had anything further for the above about the home account directory.

Also, I decided I wanted to deactivate the URL Rewrite plugin for G2. My reasoning was to be able to utilize displaying of albums/photos using the Galler2Filter per the following:

Quote:
Syntax: [G2: item_id n= number type= type size= number class= name frame= name album_frame= name item_frame= name ]

The short urls from teh URL Rewrite don't correspond to the syntax there, unless I have no idea what I'm talking about. Well, all I did was deactivate the plugin and now going to the plugins page for G2 shows an error message. See attached. I'm not sure if anything is broke, but it screams open_basedir, which is what the initial issue of this thread was about. Can you confirm its relation, fix, recommendation?

Btw, sorry for not providing earlier my G2 Specs information

Quote:
Gallery URL = http://www.molimbocafe.com/gallery2/main.php
Gallery version = 2.3 core 1.3.0
API = Core 7.54, Module 3.9, Theme 2.6, Embed 1.5
PHP version = 5.2.11 litespeed
Webserver = LiteSpeed
Database = mysqli 5.0.81-community, lock.system=flock
Toolkits = ArchiveUpload, Exif, Getid3, ImageMagick, LinkItemToolkit, Thumbnail, SquareThumb
Acceleration = full/900, partial/900
Operating system = Linux atlantis.supportedns.com 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:21:56 EDT 2009 x86_64
Default theme = matrix
gettext = enabled
Locale = en_US
Browser = Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Rows in GalleryAccessMap table = 109
Rows in GalleryAccessSubscriberMap table = 254
Rows in GalleryUser table = 11
Rows in GalleryItem table = 252
Rows in GalleryAlbumItem table = 10
Rows in GalleryCacheMap table = 253

I just may move to Paid Support b/c finding information and piecing together things has just been so painful. The wiki documentation has been helpful, but only to a certain extent. I'm sure veteran ppl pick it up ok, but I'm not. For instance, the deactivating or URL Rewrite, what else do I need to revert to complete that aspect??

Thanks in advance to any words of wisedom!
 
lvthunder

Joined: 2003-09-12
Posts: 808
Posted: Tue, 2009-10-20 16:15

Do you get this when you access the standalone gallery or is it just when it's going through Drupal?
 
nivekiam
nivekiam's picture

Joined: 2002-12-10
Posts: 16504
Posted: Tue, 2009-10-20 17:09

I know I'm stuck. It's got to have to do with how something is configured on the server. Gallery runs just fine one 100,000s of sites and with open_basedir settings on many 1000s of them. Your setup/site/server is what is different here.
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here
 
MjrNuT

Joined: 2009-09-12
Posts: 11
Posted: Thu, 2009-10-22 19:08
lvthunder wrote:
Do you get this when you access the standalone gallery or is it just when it's going through Drupal?

It is from G2 embedded. I never got a chance to get it prior.

The site still runs somewhat w/o issue.

However, I think you know, recently the module for Drupal is now unsupported.

@nevikiam, I agree its a configuration issue.
 
lvthunder

Joined: 2003-09-12
Posts: 808
Posted: Mon, 2009-10-26 14:51
MjrNuT wrote:
However, I think you know, recently the module for Drupal is now unsupported.

All that means is the module maintainer doesn't have the time to go in the issue queues and help people out. He said he still has plans to make a integration module for G3 when that comes around.

Try doing it in standalone mode and see if you still get the error.