Hi everybody, i have php5 running as apache mod and php4 as cgi. in my apache config i set an open_basedir for each vhost. is it possible to set individual basdirs for php4-cgi too? I want to forbid users to acccess files of other users. all user dirs have the same uid and guid (FTP setup is pureftpd with virtual hosting)
In httpd.conf: Code: ScriptAlias /php4-cgi "/usr/lib/cgi-bin/php4" AddHandler php-script .php4 Action php-script /php4-cgi for .php4 files to be parsed with php4-cgi a sample of a vhost config: Code: <VirtualHost *:80> ServerAdmin [email protected] ServerAlias domain www.domain ServerName domain DocumentRoot /home/www/domain/htdocs/ <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /home/www/domain/htdocs/> Options -Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all php_admin_value open_basedir /home/www/domain </Directory> <Directory "/usr/lib/cgi-bin/php4"> php_admin_value open_basedir /home/www/domain </Directory> ScriptAlias /cgi-bin/ /home/www/domain/cgi-bin/ <Directory "/home/www/domain/cgi-bin"> AllowOverride None Options ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /home/www/domain/log/error.log LogLevel warn CustomLog /home/www/domain/log/access.log combined ServerSignature On </VirtualHost> The part <Directory "/usr/lib/cgi-bin/php4"> php_admin_value open_basedir /home/www/domain </Directory> was just added for testing but has no effect on php4-cgi...
I'm not quite sure if open_basedir, safe mode, etc. work for PHP-CGI because it was developed primarily for mod_php. For the CGI versions you can use suExec and suPHP.
safe_mode is already working because it was defined in php.ini I got an idea... maybe it will work with parameters to php4-cgi...
Now its working fine... the solution if someone is interested: create a direktory to store a php4 startscript for each user like /var/www/php4 then create a bash script named domain or so in this directory containing Code: #!/bin/sh unset SERVER_NAME unset SERVER_SOFTWARE unset GATEWAY_INTERFACE unset REQUEST_METHOD /usr/lib/cgi-bin/php4 -d open_basedir=/home/www/domain '$*' then edit the vhost apache config and add: Code: ScriptAlias /php4-cgi "/var/www/php4/domain" AddHandler php-script .php4 Action php-script /php4-cgi 4 env variables are dropped but safemode with open_basedir is working