Pretty sure that the way to fix this will be to make sure that PHP just
can't read those files... so that the apache (or whatever server) user
that runs the PHP [module/binary] doesn't have access to read them.
If you are concerned specifically about /etc/passwd, shadow it. You can
find more information in the HOWTO's off of RedHat's site or at
This may not be correct, but I'm fairly certain. I trust someone will
correct me if I'm wrong.
From: Yacoon [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 08, 2001 12:18 AM
To: [EMAIL PROTECTED]
Subject: [PHP] open_basedir
i´m new to the list and to php, so please don´t jump to hard on me, when
think the question is dump.
okay: is there a possibility to make a server only execute the php
in the document root it was called from?
I saw something about open_basedir, but am not sure if that is the way.
I badly need to protect the server from i.e. includes, that read out or
manipulated server config files, like passwd.
I have systems run under redhat, if that matters. could anyone please
let me know how and where?
I´ll definatelly need the correct syntax, since that’s my main-problem
thanks a lot - ulrich
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]