From owner-freebsd-isp@FreeBSD.ORG Sat Aug 23 12:25:02 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C124916A4BF for ; Sat, 23 Aug 2003 12:25:02 -0700 (PDT) Received: from ns1.kolorbit.com (ns1.kolorbit.com [81.31.32.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E14443F75 for ; Sat, 23 Aug 2003 12:25:01 -0700 (PDT) (envelope-from info@kolorbit.com) Received: from celeron1700 ([195.22.18.81]) by ns1.kolorbit.com (8.12.9/8.12.9) with SMTP id h7NIXfrd041722; Sat, 23 Aug 2003 20:33:46 +0200 (CEST) (envelope-from info@kolorbit.com) Message-ID: <016101c369ab$ce10d6c0$511216c3@celeron1700> From: =?iso-8859-1?Q?Marco_Gon=E7alves?= To: References: Date: Sat, 23 Aug 2003 20:21:44 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 cc: Evren Yurtesen Subject: Re: php security X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Aug 2003 19:25:02 -0000 Well, in the shell you should take that care, for ex: ls -al on /home dr-xrwx--- 8 www domain1 - 512 Aug 15 12:19 domain1/ dr-xrwx--- 9 www domain2 - 1024 Aug 23 15:51 domain2/ in web server with php these directives in httpd in each virtualhost dont let others do something like except the user in right domain php_admin_value open_basedir "/home/domain/" php_admin_value safe_mode_include_dir "/home/domain/" ----- Original Message ----- From: "Evren Yurtesen" To: "Marco Gonçalves" Cc: Sent: Saturday, August 23, 2003 7:51 PM Subject: Re: php security > Yes I see, but still the question is the same. > When a user upload a file, how can I make it sure that only the user in > shell and the web server can read this file? > > Evren > > On Sat, 23 Aug 2003, [Windows-1252] Marco Gonçalves wrote: > > > Email TemplateThis is allready been discussed here in this list some weeks ago, here's what i use since > > > > > > php_admin_flag safe_mode on > > php_admin_value open_basedir "/home/domain/" > > php_admin_value safe_mode_include_dir "/home/domain/" > > php_admin_value upload_tmp_dir "/home/domain/tmp/" > > * > > > > Best regards > > > > Marco Gonçalves > > info@kolorbit.com > > > > > > -------------------------------------------------------------------------- > > > > Web: http://www.kolorbit.com > > Tm: 91 893 48 23 / 93 419 55 01 / 96 874 88 86 > > Seg. a Sáb. das 10h às 20h > > > > > > > > > > -------------------------------------------------------------------------- > > > > > > ----- Original Message ----- > > From: "Evren Yurtesen" > > To: > > Sent: Saturday, August 23, 2003 5:04 PM > > Subject: php security > > > > > > > I wonder how can I let users to upload files with php but have the > > > safe_mode on also? > > > > > > Do you have any suggestions for virtual hosting environments? > > > > > > Evren > > > > > > _______________________________________________ > > > freebsd-isp@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >