Setting the open_basedir in the Apache conf file for each virtual host
should do the trick. At least on my server, with "php_admin_value
open_basedir /home/david" set under the section for my domain I can't see
any files outside my home directory.

With safe_mode turned on, I think that even prevents users from uploading to
their directories.

Hope this helps,

David Price

-----Original Message-----
From: cp@unknown [mailto:cp@unknown]On Behalf Of Christian Politz
Sent: Monday, July 09, 2001 10:15 AM
To: [EMAIL PROTECTED]
Subject: [PHP] PHP security FAQ


Hi,
I have a question concerning PHP and virtual hosting. Is it still true
that we need Apache's suExec mechanism to protect the users against each
other in a virtual domain setup? I think with open_basedir I can prevent
users from (over)writing other users' files. And with safe_mode on I can
prevent evil things like system("cat /etc/passwd"); And when I set the
directory permissions like

rwx-----x       dom1user        /www/domain1.com
rwx-----x       dom2user        /www/domain2.com

(the directories in the domain tree (e.g. htdocs, cgi-bin) can have other
permissions)

I can prevent that the users read out foreign directories. So I can't
see any reason why I shouldn't use the module version of PHP for a
multiple domain setup. Or did I miss something? I would be really happy
to hear your opinions.

Thanks in advance,
Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
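
An added example, not part of the thread or of any poster's code: a small audit of an Apache config that reports, per virtual host, whether "php_admin_value open_basedir" is set as described in the reply above. The config text is constructed (domain3.com and the htdocs paths are assumptions built on the question's /www layout), and the trailing-slash check assumes the documented behaviour of older PHP releases, which match open_basedir as a path prefix, so /home/david would also cover /home/davidson.

```python
import re

# Constructed sample config; the /www/domainN.com layout follows the question.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName domain1.com
    DocumentRoot /www/domain1.com/htdocs
    php_admin_value open_basedir /www/domain1.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName domain2.com
    DocumentRoot /www/domain2.com/htdocs
    php_admin_value open_basedir /www/domain2.com
</VirtualHost>
<VirtualHost *:80>
    ServerName domain3.com
    DocumentRoot /www/domain3.com/htdocs
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the argument of the last `name ...` line in a vhost body, or None."""
    hits = re.findall(rf"^\s*{name}\s+(.+?)\s*$", body, re.M | re.I)
    return hits[-1].strip('"') if hits else None

def audit(conf):
    """Return {ServerName: [findings]} for every <VirtualHost> block in conf."""
    report = {}
    for body in VHOST_RE.findall(conf):
        name = directive(body, "ServerName") or "(unnamed)"
        docroot = directive(body, "DocumentRoot") or ""
        basedir = directive(body, r"php_admin_value\s+open_basedir")
        findings = []
        if basedir is None:
            findings.append("no open_basedir")
        else:
            for path in basedir.split(":"):  # ':' separates entries on Unix
                if not path.endswith("/"):
                    findings.append(f"prefix match: {path}")
            if not any(docroot.startswith(p) for p in basedir.split(":")):
                findings.append("DocumentRoot outside open_basedir")
        report[name] = findings
    return report

if __name__ == "__main__":
    for host, findings in audit(SAMPLE_CONF).items():
        print(host, findings or "ok")
```
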

