1 |
Hi Angel, |
2 |
|
3 |
You can try the following: |
4 |
|
5 |
In your <VirtualHost .... > </VirtualHost> set |
6 |
|
7 |
php_admin_value open_basedir "/home/sites/g/gentoo.org/"|| |
8 |
|
9 |
Now all scripts in the vhost is bound to that base directory. |
10 |
|
11 |
Regards, |
12 |
|
13 |
Patrick |
14 |
|
15 |
PS: here's a link to the php.net site about open_basedir: |
16 |
http://nl2.php.net/manual/en/features.safe-mode.php#ini.open-basedir |
17 |
|
18 |
|
19 |
Angel Freire wrote: |
20 |
|
21 |
>Hi, |
22 |
> |
23 |
>I guess that this has been asking so I just ask for a reference to the a |
24 |
>thread where mi question is answer because I can't find it. |
25 |
> |
26 |
>In this scenario: |
27 |
> |
28 |
>One webserver that sets Apache User and Group per VirtualHost, with many |
29 |
>of these, and each one in a different htdocs of course. |
30 |
> |
31 |
>If VirtualHost A has some php files with an access mask like 777 (common |
32 |
>in hostings) and VirtualHost B 'guess' the VH A full dir it can trough |
33 |
>fopen or many other ways open these file. |
34 |
> |
35 |
>How can I stop users from do that? |
36 |
> |
37 |
>Thanks, |
38 |
>Angel |
39 |
> |
40 |
> |
41 |
> |