I have a directory structure like this: /www/site1.com/ /www/site2.com/ /www/site3.com/ My FTP is setup so the user is chrooted to their home dir, /home/user with symlinks to the domains they are allowed in, for example: /home/user1/site1.com -> /www/site1.com /home/user1/site3.com -> /www/site3.com /home/user2/site2.com -> /www/site2.com Now I want it so when PHP scripts execute, user2 cannot access files in user1's folders, and user1 cannot access files in user2's folder Not even directory listings So how, in detail would I do this, or is there a guide to do this (Using apache 2.2 and PHP5). I would prefer not having all my apache files in 1 directory, but I suppose I could give it a try. I only have 1 active site on my server, so some downtime isn't too big of a deal, but I would still rather not do it that way. Thanks -Brandon
I tried that and was still able to get a directory listing of /etc/ Code: <?php //define the path as relative $path = "/etc"; //using the opendir function $dir_handle = @opendir($path) or die("Unable to open $path"); echo "Directory Listing of $path<br/>"; //running the while loop while ($file = readdir($dir_handle)) { echo "<a href='$file'>$file</a><br/>"; } //closing the directory closedir($dir_handle); ?>
Try something like this: Code: php_admin_flag safe_mode On php_admin_value open_basedir /www/site1.com/ php_admin_value file_uploads 1 php_admin_value upload_tmp_dir /www/site1.com/phptmp/ php_admin_value session.save_path /www/site1.com/phptmp/
But then this has nothing to do with safe mode as open_basedir restricts the access directories afaik without safe_mode as well.
