Posted by cmk128 on 02/09/07 08:30

On 2月8日, 下午5時43分, Czapi <c....@ask.me> wrote:
> cmk...@hotmail.com wrote:
> > My problem is : if user A is uploaded a php file, user A can use php
> > to read user B directory. How can i isolate them?
> > That mean if there is php file in /phpspace/usera/index.php, how can i
> > make it can read the directory phpspace/usera only?
>
> Simply use umask or force files to have specific access rights:
>
> user not in group www,
> web server user in group www,
> files group: www,
> files mode: rw-r----- (640).
>
> Simple - user won't be able to read...
>
> And for a more secure option man chroot (use apaches virtualhost directive).
>
> Safe mode might help as well.
>
> --
> Cz.

Hi Cz
My english is too bad, so let you misunderstand. I think virtual
host doesn't help, because they are all in the same virtual host.
Let me try to explain my question again: I have a website
myhost.mydomain.com, there are two php files:
http://myhost.mydomain.com/usera/a.php
http://myhost.mydomain.com/userb/b.php
suppose a.php is located in /usera/a.php.
How can i make a.php can only fread() it's own directory, rather than
the whole harddisk.

thanks
from Peter (cmk128@hotmail.com)

[Back to original message]