On Sunday 25 November 2001 03:30 pm, you wrote:
> The problem is... using PHP, they can open any file
> that is readable to nobody account (Apache user)..
> So it can read and even edit other users' files..
> Consquently, the users should be able to access only and only their home
> directories.

Short answer; you can't.

Long answer; if users have shell accounts, there is no way you can do what 
you're trying to do.  If you limit users to FTP access and PHP *only* (i.e. 
no telnet, ssh, custom CGI, Perl or other languages that can access the file 
system) then you can use PHP safe mode to at least protect PHP.

Read the Security chapter in the PHP manual.  (chapter 4, I believe)

This topic has been discussed extensively before on the list, so you may also 
want to search the list archives for more details.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to