Daniel Kolbo wrote: > Hello PHPers, > > I am quite ignorant about file system security. I was hoping you all > could help me understand things. > > How does one restrict php script from going (reading, writing) files in > the file system? > As I see it, a php programmer could change the include_path, with > ini_set(), use "../" etc..., and browse all the files on the server to > which the php engine has access. This would clearly not be acceptable > to a web host company, so how do most hosts restrict this kind of > behaviour? > > Now, suppose i only have php access to my 'files' as defined by my host > somehow. (again, my first part of the question is how do they do > this?). Is it possible for me to further restrict this file > accessibility for different sub-folders? Let me provide an example > folder hierarchy and user scenario. > Suppose there are two php programmers (me and you). I want full access, > but I want to restrict you to your subdomain (subdomain2). > > +AllUsers (me and you) > +Domain1 > ++Subdomain1 (me only) > ++Subdomain2 (me and you) > ++SharedDomain (me and you) > +ServerFile1 (me only) > +ServerFile2 (me only) > +SecretFile (no user) > > Thanks for helping understand how to restrict/limit different php > programmers from going into places I'd rather them not go. > dK >
Two methods come to mind, chroot and just setting perms for specific dirs. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
