httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Graham Frank" <gfr...@neoservers.com>
Subject [users@httpd] php_admin_flag question
Date Thu, 19 Jan 2006 02:13:00 GMT
Hello.

I am trying to restrict a open_basedir to the document root of the domain.
So I have the following in httpd.conf.

<Location />
  php_admin_value open_basedir /
</Location>

That isn't working.  I've tried it using <Directory /> as well.  I'm still
able to fopen("/etc/passwd");  How could I make it so that a person in say
/home/username/domain.com can only include from /home/username/domain.com
and not /etc/passwd (for example)?  I would turn on safe_mode, but files are
uid:gid the client's FTP account while apache doesn't suexec to their
username and runs httpd:httpd.

Thanks!

-------------------------------------------------------------------
Graham Frank
Neoservers LLC (http://www.neoservers.com/)
Founder and Owner


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message