Re: php program can read /etc/passwd?

Posted by Rocky Zhou on 03/22/07 02:50

Thank you. It works.

On March 21, 8:40 PM, Mike Roetgers <miker...@informatik.uni-bremen.de>
wrote:
> Rocky Zhou wrote:
>
> > Today I found a problem, when I wrote a section of PHP code like this:
>
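> > <?php
> > // Open the system password file read-only
> > $fp = fopen("/etc/passwd", "r");
> > if ($fp)
> > {
> >     echo 'ok!';
> >     // Read up to 8192 bytes of the file
> >     $result = fread($fp, 8192);
> >     // Print before returning; a top-level return ends the script
> >     echo $result;
> >     return $result;
> > }
> > else
> > {
> >     echo 'no!';
> > }
> > ?>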
>
> > I found that it really can read the passwd file! I'm not very familiar
> > with PHP, so I don't know if there are any configuration options to limit
> > this behavior (in php.ini)? I think it isn't an Apache problem, so it
> > does no good to modify httpd.conf, does it?
>
> > I googled and got some information like the 'open_basedir' parameter. But
> > my LAMP sites have many virtual hosts, every host belongs to a different
> > user, and his/her 'DocumentRoot' belongs to a system user like this:
> > ls /www/users -l
> > drwx--x--x 17 user_elnzpjps ftpd 4096 Mar 13 16:42 test11.com
> > So I think it is not a good idea to set open_basedir to 'www/users',
> > because it's a problem when one user can read the files of
> > another.
>
> > So, what is the resolution?
>
> > Thank you.
>
> You can define a different open_basedir for every VirtualHost.
> <VirtualHost xxx.xxx.xxx.xxx:xx>
> ServerName www.domain.de
> DocumentRoot /var/www/domain/
> User user
> Group group
> php_admin_value open_basedir /var/www/domain/
> </VirtualHost>
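
An audit of the per-VirtualHost approach from the reply above, as an added example that is not part of the original thread: it parses Apache vhost blocks and flags hosts with no open_basedir, values without a trailing slash, and values that also cover another host's DocumentRoot. The sample config, host names and function names are constructed for illustration, and the prefix comparison assumes the prefix matching the PHP manual has described for open_basedir values that do not end in a slash.

```python
import re

# Constructed sample config (not from the thread): one correct vhost, one
# whose open_basedir lacks the trailing slash, one with no restriction.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName www.site10.example
    DocumentRoot /www/users/site10/
    php_admin_value open_basedir /www/users/site10/
</VirtualHost>
<VirtualHost *:80>
    ServerName www.site1.example
    DocumentRoot /www/users/site1
    php_admin_value open_basedir /www/users/site1
</VirtualHost>
<VirtualHost *:80>
    ServerName www.site2.example
    DocumentRoot /www/users/site2/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the argument of the first `name` directive in a vhost body."""
    m = re.search(r"^\s*" + name + r"\s+(.+?)\s*$", body, re.M | re.I)
    return m.group(1).strip('"') if m else None

def audit(conf):
    """Return sorted (server_name, finding) pairs for weak vhosts."""
    hosts = []
    for body in VHOST_RE.findall(conf):
        basedir = directive(body, r"php_admin_value\s+open_basedir")
        hosts.append((directive(body, "ServerName") or "(unnamed)",
                      directive(body, "DocumentRoot"),
                      basedir.split(":") if basedir else []))
    findings = []
    for name, _root, allowed in hosts:
        if not allowed:
            findings.append((name, "no open_basedir set"))
        for path in allowed:
            if not path.endswith("/"):
                findings.append((name, f"{path}: no trailing slash"))
            for other, other_root, _ in hosts:
                # Assumed prefix semantics: a value covers any path it prefixes.
                if other != name and other_root and other_root.startswith(path):
                    findings.append((name, f"{path}: also covers {other}"))
    return sorted(findings)
```

A shared value such as the parent directory of all user directories is reported once per other host it covers, which is the cross-user read the original question was worried about.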

 
