Hi everybody,
I'm trying to provide users of the system with their own userdir with php enabled. I installed mod_userdir and modified /etc/apache2/mods-enabled/userdir.conf as follows: <IfModule mod_userdir.c> UserDir /var/www/public UserDir disabled root <Directory /var/www/public/*> AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS </Directory> </IfModule> Of course I do have security concerns. The main one is preventing /alice/ from creating a php file that is able to read from /bob/'s webroot. /Alice/ cannot read /bob/'s webroot via filesystem since it's owned by bob:www-data and she's not bob and also not member of www-data. But the server of course can. I've seen something like php_admin_value open_basedir . which is promising but also prevents /alice/ from navigate her own directories. Is there any way to define the open basedir to /var/www/public/<username>? I've seen of php-fpm but I don't think it could fit: users could change dynamically and also uses a lot of memory(?). Thanks in advance, Marco