Preventing php includes into another user's home dir

Discussion in 'Server Operation' started by Colum, Aug 26, 2008.

  1. Colum

    Colum New Member

    I am running lighttpd and I have mod_userdir, and I want to prevent users from making a file called foo.php in /home/user/foo.php and be able to include /home/user2/foo2.php from foo.php

    How would I go about doing this?
     
  2. Ben

    Ben ISPConfig Developer ISPConfig Developer

    this is more about the php config. For this purpose check the safe_mode and open_basedir access restriction policies in your php.ini
     
  3. Colum

    Colum New Member

    doesn't open_basedir mess up scripts like phpbb3?
     
  4. Ben

    Ben ISPConfig Developer ISPConfig Developer

    I don't use phpBB* at all, so I can't tell.... the question is then, if that's a problem of open_basedir or phpBB....

    But you are right, open_basedir restrictions can sometimes take you in trouble, e.g. when using pear's AJAX or similar things. But then you just have to correct your open_basedir and safemode's openbasedir thing for your specific vhost, or globally. (in case of adminCPs like ISPCOnfig it's not that easy, but possbile for general changes :-\)
     

Share This Page