Hi I have discovered about this problem, I've got a sever running apache and php. We now have many virtual hosts but we have observed that the potentially malicious user can use his web space to browse other user's files(using a simple php script) as well as system files, this might happens because of the php permissions. A exit would be to set outdoors_basedir var in php.ini, yhis really is easy in one host system, but just in case of virtual hosts there will be a basebir per each host.

Ho can one set dis basedir per each user/host? it is possible to method to let apache hereditate php rights from the php file that's been asked for

E.G. /home/X_USER/index.php has as owner X_USER, when apache browse the file index.php it inspections its path and owner, simply I am searching for something set php basedir variable to that particular path.

Thank ahead of time Lopoc

You'll be able to set open_basedir on the per-directory basis while using php_admin_value Apache directive.

Example in the manual:

<Directory /docroot>
  php_admin_value open_basedir /docroot 
</Directory>

Re your comment: yes, exterior instructions aren't impacted by open_basedir - when calling ls / this is accomplished using the privileges the consumer account PHP runs under (frequently named www or similar). So far as I understand, it's not easy to extend open_basedir to exterior instructions.

For the reason that situation, I do not think the type of protection that you are searching for can be done inside a normal Apache/PHP setup. The only real factor that maybe comes close is running Apache inside a chroot jail. I've not carried this out myself and so i can't say anything about this - you'd need to search in and perhaps request an issue particularly about this.