Hello, I followed this tutorial: http://www.howtoforge.com/how-to-set-up-apache2-with-mod_fcgid-and-php5-on-debian-lenny It is good that user web1 cannot read the files of web2 but web1 can read the whole filesystem. Is there an easy way to stop web1 walking through the whole filesystem? I think it is not a good idea that web1 can read all configuration options, passwd file and many more files. This simple code: Code: <?php $a = `cat /etc/passwd`; echo $a; <? reads the passwd file despite of setting the open_basedir = /var/www in the php.ini file. Thanks in advance, Nikolay
mod_chroot ? He is right. Unless you switch on safe_mode in php.ini, one can read /etc/passwd this way. Wouldn't it be better to have mod_chroot in conjuction with mod_fcgid ? Will there be a howto?