> > >You don't want user 1's web applications to be able to access data in user > > >2's web application storage space. > > I will only be using mod_php. In the past, without the user shell > > accounts, this has worked rather well for me in combination with the > > "open_base_dir" directive in the VirtualHost. > > This binds PHP's abilities to the specified directory (or directories) > > for that specific virtual host. > > > > Am I overlooking something with that setup? > > I get the impression from your reply this might be rather unsafe?
A timely note: http://www.theregister.co.uk/2007/07/03/mpack_reloaded/ 'SANS Institute researchers conclude. "Check if your hosting company uses chroot and/or suExec because that is the only way to make sure that your own web site will not be compromised by other users sharing the same physical server."'
