[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 218
  • Last Modified:

Restricting PHP's disk access to its own virtual host

I have this setup:

- Red Hat 7.2
- PHP 4 (Apache module)
- Apache 1.3 (running as nobody:nobody)
and several name-based virtual hosts running on this system using the same IP.

I would like to set it so that PHP scripts running on a certain virtual host cannot access the other host's disk structure. In this way, www.domain.com's scripts won't be able to snoop through www.otherdomain.com's files.

Is this possible at all?

(I don't mind using PHP's Safe Mode at all if required)

Thank you.
0
poisa
Asked:
poisa
1 Solution
 
Alf666Commented:
Yep. You have to use safe_mode.

safe_mode = on

Then in your <VirtualHost>:

php_admin_flag engine on
php_admin_value open_basedir "/<whatever>/domain.com/htdocs:/tmp"

This makes /tmp a common storing place.

You you could also have a tmp directory in each of your domains tree.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now