Res wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 12 May 2007, Dragon wrote:
PHP provides for this directly.
There is a restrict_base_dir setting that can be applied to each
virtual host that prevents users from accessing anything outside of
the specified directory tree.
Correct, everybody should be using this in a shared hosting
environment, and also to tighten the reins furher should use
disable_functions
The one I use and has given us no complaints except for some lame
program that wants to know the system uptime stats, which has nothing
to do with
a user anyway, even if it only wants it for the load, again, nothing
to do with user, if the load gets high (above 5 on 15 min avge) we
have alarms to let us know.
disable_functions = exec, shell_exec, system, virtual, show_source,
readfile, passthru, escapeshellcmd, popen, pclose, phpinfo
- --
Cheers
Res
Vote for your favourite MTA at http://polls.ausics.net/v3.php
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGRj6fsWhAmSIQh7MRAumRAKCf4eW3oY4sGAfEP0xewn/fZgGR8ACfaJuC
KQyQOYmGKCWvUUNNKQ1Dk9w=
=0tLW
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Would it be a wise idea to combine suEXEC with restrictions such as that
applied to php directly(and how could one go about that?)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]