Date: Wed, 11 Jul 2007 20:20:52 +1200 From: Josh <bsd@kajs.co.nz> To: freebsd-questions@freebsd.org Subject: Securing php Message-ID: <469492E4.2030609@kajs.co.nz>
next in thread | raw e-mail | index | archive | help
I am setting up a apache + php + mysql which will have shared hosts on it,
How do I make it so that php cant read or execute files outside of
/home/user/web for example.
I know that there is safe_mode, but there must be a more definite way,
and safe_mode is gone in php6 anyway.
Is there some sort of acl/mac thing I can use, or something magical I
have not heard of yet? At the moment I am running php as a cgi with
fastcgi + suexec, so I can run each vhost under a different uid/gid.
Any ideas? Main goal: PHP instances unable to access out side of
relevant vhost document roots.
Thanks,
Josh
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?469492E4.2030609>