On Sunday 25 November 2001 03:30 pm, you wrote:
> The problem is... using PHP, they can open any file
> that is readable to nobody account (Apache user)..
> So it can read and even edit other users' files..
> Consquently, the users should be able to access only and only their home
Short answer; you can't.
Long answer; if users have shell accounts, there is no way you can do what
you're trying to do. If you limit users to FTP access and PHP *only* (i.e.
no telnet, ssh, custom CGI, Perl or other languages that can access the file
system) then you can use PHP safe mode to at least protect PHP.
Read the Security chapter in the PHP manual. (chapter 4, I believe)
This topic has been discussed extensively before on the list, so you may also
want to search the list archives for more details.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]