Posted by Mike Roetgers on 03/21/07 12:40
Rocky Zhou wrote:
> Today I found a problem, when I wrote a section of PHP code like this:
>
> <?php
> $fp = fopen("/etc/passwd","r");
> if($fp)
> {
> echo 'ok!';
> $result = fread($fp, 8192);
> return $result;
> echo $result;
> }
> else
> {
> echo 'no!';
> }
> ?>
>
> I found that it really can read the passwd file! I'm not very familiar
> with PHP, so I don't know whether there are any configuration options to
> limit this behavior (in php.ini)? I think it isn't an Apache problem, so it
> does no good to modify httpd.conf, does it?
>
> I googled and got some information like the 'open_basedir' parameter. But
> my LAMP sites have many virtual hosts, every host belongs to a different
> user, and his/her 'DocumentRoot' belongs to a system user like this:
> ls /www/users -l
> drwx--x--x 17 user_elnzpjps ftpd 4096 Mar 13 16:42 test11.com
> So I think it is not a good idea to set open_basedir to 'www/users',
> because it's a problem when one user can read the files of
> another.
>
> So, what is the resolution?
>
> Thank you.
>
You can define a different open_basedir for every VirtualHost.

<VirtualHost xxx.xxx.xxx.xxx:xx>
    ServerName www.domain.de
    DocumentRoot /var/www/domain/
    User user
    Group group
    php_admin_value open_basedir /var/www/domain/
</VirtualHost>
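To confirm that a per-VirtualHost open_basedir like the one in the reply above is actually enforced, a check such as the following can be served from the vhost under test. It is an added example, not part of the original posts; it assumes PHP 7 or later, and the neighbouring path /var/www/domain2/index.php is a hypothetical placeholder.

```php
<?php
// Added example, not from the thread. Requires PHP 7 or later.
// Serve it from the vhost under test, then delete it.

// Try to open $path and say why the attempt succeeded or failed.
function probe(string $path): string
{
    error_clear_last();
    $fp = @fopen($path, 'r');
    if ($fp !== false) {
        fclose($fp);
        return 'READABLE';
    }
    $msg = error_get_last()['message'] ?? '';
    // Warning text PHP raises when the open_basedir check rejects a path.
    if (strpos($msg, 'open_basedir restriction in effect') !== false) {
        return 'blocked by open_basedir';
    }
    return 'not opened (missing file or filesystem permissions)';
}

header('Content-Type: text/plain');

$base = (string) ini_get('open_basedir');
echo 'open_basedir = ', ($base === '' ? '(not set)' : $base), "\n";

// Older PHP releases match the value as a string prefix, so an entry
// without a trailing slash can also match sibling names (domain, domain2).
foreach (array_filter(explode(PATH_SEPARATOR, $base)) as $entry) {
    if (substr($entry, -1) !== '/') {
        echo "warning: '$entry' has no trailing slash\n";
    }
}

// A value set with php_admin_value must survive a runtime override attempt.
@ini_set('open_basedir', '/');
echo 'after ini_set: ', ini_get('open_basedir') === $base ? 'unchanged' : 'CHANGED', "\n";

$probes = [
    __FILE__,                       // inside this vhost: expected READABLE
    '/etc/passwd',                  // the file from the question
    '/var/www/domain2/index.php',   // hypothetical neighbouring vhost
];
foreach ($probes as $path) {
    printf("%-30s %s\n", $path, probe($path));
}
```

With the setting in place, only the script's own path should report READABLE and the other two should report "blocked by open_basedir".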