#1  
Old 17th April 2009, 22:57
CarbonCopy CarbonCopy is offline
Member
 
Join Date: Apr 2009
Posts: 52
Thanks: 1
Thanked 2 Times in 2 Posts
Default chroot for php

I have a directory structure like this:

/www/site1.com/
/www/site2.com/
/www/site3.com/

My FTP is setup so the user is chrooted to their home dir, /home/user with symlinks to the domains they are allowed in, for example:

/home/user1/site1.com -> /www/site1.com
/home/user1/site3.com -> /www/site3.com
/home/user2/site2.com -> /www/site2.com

Now I want it so when PHP scripts execute, user2 cannot access files in user1's folders, and user1 cannot access files in user2's folder

Not even directory listings

So how, in detail would I do this, or is there a guide to do this (Using apache 2.2 and PHP5).

I would prefer not having all my apache files in 1 directory, but I suppose I could give it a try. I only have 1 active site on my server, so some downtime isn't too big of a deal, but I would still rather not do it that way.

Thanks

-Brandon
Reply With Quote
Sponsored Links
  #2  
Old 18th April 2009, 17:00
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

You can do this with PHP Safe Mode. http://de2.php.net/features.safe-mode
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 18th April 2009, 20:02
CarbonCopy CarbonCopy is offline
Member
 
Join Date: Apr 2009
Posts: 52
Thanks: 1
Thanked 2 Times in 2 Posts
Default

I tried that and was still able to get a directory listing of /etc/

Code:
<?php

//define the path as relative
$path = "/etc";

//using the opendir function
$dir_handle = @opendir($path) or die("Unable to open $path");

echo "Directory Listing of $path<br/>";

//running the while loop
while ($file = readdir($dir_handle)) 
{
   echo "<a href='$file'>$file</a><br/>";
}

//closing the directory
closedir($dir_handle);

?>
Reply With Quote
  #4  
Old 19th April 2009, 17:27
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

Then you didn't implement safe mode correctly.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 19th April 2009, 17:28
CarbonCopy CarbonCopy is offline
Member
 
Join Date: Apr 2009
Posts: 52
Thanks: 1
Thanked 2 Times in 2 Posts
Default

phpinfo() tells me safe mode is on, how else should I implement it?
Reply With Quote
  #6  
Old 20th April 2009, 12:50
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

Try something like this:

Code:
php_admin_flag safe_mode On
php_admin_value open_basedir /www/site1.com/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /www/site1.com/phptmp/
php_admin_value session.save_path /www/site1.com/phptmp/
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 22nd April 2009, 06:20
CarbonCopy CarbonCopy is offline
Member
 
Join Date: Apr 2009
Posts: 52
Thanks: 1
Thanked 2 Times in 2 Posts
Default

That makes sense, but how can I do it on a per site basis?
Reply With Quote
  #8  
Old 22nd April 2009, 16:14
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

You'd have to add this to each vhost.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 23rd April 2009, 10:52
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
 
Default

But then this has nothing to do with safe mode as open_basedir restricts the access directories afaik without safe_mode as well.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Bind chroot configuration Toffee Installation/Configuration 6 13th March 2009 16:51
Improper use of CHROOT enviroment X secure file transfer between customer and admin. adrenalinic Installation/Configuration 1 21st December 2008 22:48
Howto add programes to chroot users? badgerbox76 Server Operation 7 8th April 2008 23:21
Postfix chroot ? knivla Server Operation 9 21st July 2007 07:35
ssh chroot works, but no scp for chroot users zokahn HOWTO-Related Questions 5 30th January 2006 10:33


All times are GMT +2. The time now is 10:11.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.