Pretty sure that the way to fix this will be to make sure that PHP just
can't read those files... so that the apache (or whatever server) user
that runs the PHP [module/binary] doesn't have access to read them.  

If you are concerned specifically about /etc/passwd, shadow it.  You can
find more information in the HOWTO's off of RedHat's site or at

This may not be correct, but I'm fairly certain.  I trust someone will
correct me if I'm wrong.

Good Luck,

-----Original Message-----
From: Yacoon [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, July 08, 2001 12:18 AM
Subject: [PHP] open_basedir


im new to the list and to php, so please dont jump to hard on me, when
think the question is dump.

okay: is there a possibility to make a server only execute the php
in the document root it was called from?
I saw something about open_basedir, but am not sure if that is the way.

I badly need to protect the server from i.e. includes, that read out or
manipulated server config files, like passwd.
I have systems run under redhat, if that matters. could anyone please
let me know how and where?
Ill definatelly need the correct syntax, since thats my main-problem

thanks a lot - ulrich

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to