Yeah, it's suexec right now, but it won't be on the new server. As I nerded out and talked about in some other post (too lazy to look where right now), it's going to run the peruser MPM in Apache itself. Apache itself will fork a user-owned process to serve all content for that account... script or no script. This lets me use mod_php again, putting PHP directly into Apache, instead of calling it as a separate runtime. It also eliminates the need for the executable bit and strict permissions as required currently by suexec.
As for the tarball thing... maybe on the new server, but for the most part, people should just be able to connect with their SCP or FTP client and then drag/drop their whole public_html (or even home) folder. I set up the filesystem with that in mind. Hence why each user has their MySQL tables actually stored inside their home directory. Although they can't write to those files directly, as that would be BAD, it does make for an easy backup scenario as I just described.
Gallery 2.2 has a huge thread about safe mode, but the main thing seems to be this...
You cannot use pipes or redirects when executing system calls which is painful (though not insurmountable) for the graphics manipulation packages like NetPBM that expect to use pipelining.
mkdir() will not allow you to create new directories unless the parent directory has the same UID as the process being executed. This means that Gallery will not be able to create its data directories under the top-level "albums" directory that you created using ssh/ftp -- your ISP will have to chown the top-level directory for you in order for you to successfully install Gallery.
You cannot call set_time_limit() in safe mode, which means that Gallery cannot do anything that takes longer than 30 seconds (or whatever the server is configured to allow). This means that at the 30 second mark, your operation will be interrupted. Since the most commonly used database (MySQL) in its most commonly implemented setup (MyISAM) does not allow transactions, this means that you virtually guarantee data corruption when your long operation fails.
The thread (found at http://gallery.menalto.com/node/3017) has a point about safe mode basically being what you use if you have no BETTER way to secure things... I totally agree, it's basically a workaround for a flawed model of webservers. That is, that the website and the webserver are owned by the same user, which is rarely the case in any multiuser environment these days. Suexec or the peruser MPM I talk about above are much better ways of doing security, and pretty much obsolete safe mode.
That said, I personally find Gallery to be needlessly complicated code for what should be a rather simple task. I haven't used the 2.x series much, but about 40% of the bot/hack attacks I've had to deal with were from bugs in users' various Gallery (1.x) installs... another 50% were bugs in phpBB installs. I'm not saying don't use it if it's what you want. Just keep it up to date when they release bug fixes, and maybe take a look to see if there's some lighter weight code somewhere that still does what you need. I personally wrote my own simple gallery/thumbnail maker. It's one file, and does really nothing but accept uploads, let you title/date them, and automatically make a thumbnail: http://xepher.xepher.net/images/ Code is at http://xepher.xepher.net/images/code.phps It's 4kb, and requires nothing outside of PHP itself. Gallery is 9.5 MB! and also requires external programs to process images. To me, that just means a lot of room for bugs and potential exploits, mostly in features and such that I'd never even use. I'm betting someone out there has written something that'll do what you need without being as much overkill as Gallery is. Totally your choice though.