Hello, it took me a while to get suphp running on my Strato VPS server with Debian Etch, but now it's working almost perfectly. I have one 'little' problem. When using a PHP filemanager, users can browse out of their own webx folder and go into other users' folders and read all files, some with passwords in them, like config.php for use with Joomla. How to solve this? I can't be the only one with this problem?
Edwin
You can specify a custom php.ini file for suphp in the apache directives field of the website and then set a php open basedir value for the website that prevents file system browsing.
Thanks again for the quick reply. Found the open_base_dir in php.ini and played around with it. Users are now 'chrooted' to /var/www/ but that's not the solution you mentioned. Do I put a copy of the original php.ini in the /var/www/webx folder, edit the openbasedir value, and copy the directive PHPIniDir "/var/www/webx " into the Apache directive field under that domain in ISPConfig?
Got it working!
The directive to use in Apache is:
    suPHP_ConfigPath /var/www/webX/etc
Create the custom php.ini in /var/www/webX/etc and set permissions to rw-r--r-- (0644), root:root, so users cannot remove or edit it. (Is it possible to put it in a folder outside of the user's web dir?)
Add the following line to this php.ini:
    open_basedir = /var/www/webX/
Restart Apache.
Now users are chrooted to their own folder and even with a PHP filemanager they can't escape :) I'm happy, disk quotas are working fine because of suphp and the security is better.
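The setup from the last post can be checked across sites with a short audit script. This is an added example, not part of any post in the thread; it assumes the SITE/etc/php.ini layout described there and GNU stat, and the script name audit.sh is hypothetical. It also checks the etc directory itself, because a root-owned php.ini inside a directory the site user can write to can still be replaced.

```shell
#!/usr/bin/env bash
# Added example: audit the per-site php.ini that suPHP_ConfigPath points at.
# Assumes the thread's layout (SITE/etc/php.ini) and GNU stat (Debian).

# Print the effective open_basedir value of an ini file (last assignment wins).
ini_open_basedir() {
    sed -n 's/^[[:space:]]*open_basedir[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 |
        sed 's/[[:space:]]*;.*$//; s/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# check_site SITE_DIR [OWNER_UID]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_site() {
    local site="${1%/}" owner="${2:-0}" rc=0 ini value p
    ini="$site/etc/php.ini"
    if [ ! -f "$ini" ]; then
        echo "$site: etc/php.ini missing"
        return 1
    fi
    value=$(ini_open_basedir "$ini")
    # Expect the site's own directory with the trailing slash, as in the thread.
    if [ "$value" != "$site/" ]; then
        echo "$site: open_basedir is '$value', expected '$site/'"
        rc=1
    fi
    # The file and its directory must both be out of the site user's control:
    # write access to etc/ is enough to swap in a different php.ini.
    for p in "$ini" "$site/etc"; do
        if [ "$(stat -c %u "$p")" != "$owner" ]; then
            echo "$p: not owned by uid $owner"
            rc=1
        fi
        if [ $(( 0$(stat -c %a "$p") & 022 )) -ne 0 ]; then
            echo "$p: group- or world-writable"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: ./audit.sh /var/www/web1 /var/www/web2 ...
status=0
for s in "$@"; do
    check_site "$s" || status=1
done
[ "$status" -eq 0 ]
```

Run it as root with the site directories as arguments; the second argument of check_site exists only so the function can be exercised by a non-root user.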