Hi, I have just found out about this problem: I've got a server running Apache and PHP. We have many virtual hosts, but we have noticed that a potentially malicious user can use his web space to browse other users' files (using a simple PHP script) as well as system files; this might happen because of the PHP permissions. A way out would be to set the open_basedir var in php.ini. This is really easy in a single-host system, but in the case of virtual hosts there would be a basedir per each host.
How can one set this basedir per each user/host? Is there a way to let Apache inherit PHP rights from the PHP file that has been requested?
E.g. /home/X_USER/index.php has X_USER as owner; when Apache reads the file index.php it checks its path and owner. Simply put, I am looking for something that sets the PHP basedir variable to that particular path.
Thanks in advance, Lopoc
You can set open_basedir on a per-directory basis using the php_admin_value Apache directive.
Example in the manual:
    <Directory /docroot>
      php_admin_value open_basedir /docroot
    </Directory>
Re your comment: yes, external commands aren't affected by open_basedir - when calling ls / this is done with the rights of the user account PHP runs under (often named www or similar). As far as I know, it's not easy to extend open_basedir to external commands.
In that case, I don't think the kind of protection that you are looking for can be done in a normal Apache/PHP setup. The only thing that maybe comes close is running Apache in a chroot jail. I have not done this myself, so I can't say anything about it - you'd need to dig in and perhaps ask a question specifically about that.
You can set many php.ini settings using the Apache configuration file.
See these related pages in the PHP manual:
- http://php.net/manual/en/configuration.changes.php
- http://www.php.net/manual/en/ini.core.php#ini.sect.path-directory
- http://www.php.net/manual/en/configuration.changes.modes.php
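The per-directory setting from the first answer, applied once per virtual host as both answers suggest. This is an added example, not part of the original posts: host names, user names and paths are constructed, and it assumes PHP runs as the Apache module, where php_admin_value is available.

```apache
# Constructed example: one VirtualHost per customer, each confined to its own tree.
# Assumptions: PHP as Apache module; alice/bob, example.com and /home/<user> are placeholders.

<VirtualHost *:80>
    ServerName alice.example.com
    DocumentRoot /home/alice/public_html

    <Directory /home/alice/public_html>
        # Trailing slash names the directory itself, so a sibling such as
        # /home/alice2 cannot match where the value is compared as a prefix.
        php_admin_value open_basedir /home/alice/
        # Keep upload and session files inside the allowed tree.
        php_admin_value upload_tmp_dir /home/alice/tmp
        php_admin_value session.save_path /home/alice/tmp
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName bob.example.com
    DocumentRoot /home/bob/public_html

    <Directory /home/bob/public_html>
        php_admin_value open_basedir /home/bob/
        php_admin_value upload_tmp_dir /home/bob/tmp
        php_admin_value session.save_path /home/bob/tmp
    </Directory>
</VirtualHost>

# php_admin_value (unlike php_value) cannot be overridden from .htaccess
# or with ini_set(), so a customer's script cannot widen its own basedir.
# open_basedir constrains PHP's file functions only: external commands still
# run with the rights of the account PHP runs under, as noted in the answer.
```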