Daniel Kolbo wrote:
> Hello PHPers,
> I am quite ignorant about file system security.   I was hoping you all
> could help me understand things.
> How does one restrict php script from going (reading, writing) files in
> the file system?
> As I see it, a php programmer could change the include_path, with
> ini_set(), use "../" etc..., and browse all the files on the server to
> which the php engine has access.  This would clearly not be acceptable
> to a web host company, so how do most hosts restrict this kind of
> behaviour?
> Now, suppose i only have php access to my 'files' as defined by my host
> somehow.  (again, my first part of the question is how do they do
> this?).  Is it possible for me to further restrict this file
> accessibility for different sub-folders?  Let me provide an example
> folder hierarchy and user scenario.
> Suppose there are two php programmers (me and you).  I want full access,
> but I want to restrict you to your subdomain (subdomain2).
> +AllUsers (me and you)
> +Domain1
> ++Subdomain1 (me only)
> ++Subdomain2 (me and you)
> ++SharedDomain (me and you)
> +ServerFile1 (me only)
> +ServerFile2 (me only)
> +SecretFile (no user)
> Thanks for helping understand how to restrict/limit different php
> programmers from going into places I'd rather them not go.
> dK

Two methods come to mind, chroot and just setting perms for specific dirs.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to