I just ran into a problem with a WordPress blog I was setting up. I couldn’t upload any images or files to it. It turns out, my hosting provider, Nearly Free Speech.net, uses PHP safe_mode by default. It’s not that difficult to overcome, but it can be confusing when you run into it. Basically, it adds one additional level of protection to the classic user/group/other protection scheme in unix. Normally, all you need to do to allow a directory or file to be writable is to change the group to the same group that the web server is running under. For NFS.net, this is the “web” group. However, with PHP safe_mode, this doesn’t quite cut it. You also need to make sure the script that is doing the writing is also in the “web” group. A quick and dirty way to do this would be the following commands.
$ cd /home/public
$ chgrp -R web *
$ cd /home/public/wp-content/
$ mkdir uploads
$ chgrp web uploads/
$ chmod g+w uploads/
The first chgrp is the “quick and dirty” part. That sets the group for all your files to web. It’s much safer to find out which scripts are actually doing the writing and set only those to the web group. NFS.net was nice enough to write this up as well in a blog post a few years back. Writing Files in PHP