My scenario: I have a shared hosting account running Apache that I use for personal projects. Now a friend of mine needs a little space to put up a website for his hockey club. I decided to let him run it on my account and to give him an FTP account that limits his access to public_html/hockey.
My question: Is there a way to restrict his PHP scripts (in his hockey folder) in such a way that they couldn't access any files outside the hockey folder? I'm looking for a solution involving something like a configuration in php.ini or .htaccess. Please do not reply to tell me he should try not to access anything outside that folder. I'm trying to improve security against intentional access and accidental security holes in his code.
If you know how to run his content in kind of a sandbox environment, any constructive input is greatly appreciated.
Thanks, Simon
You can use the open_basedir
configuration setting to limit PHP's reach. For example, to set open_basedir
per directory in httpd.conf
you would write
<Directory /var/www/public_html/hockey>
php_admin_value open_basedir "/var/www/public_html/hockey"
</Directory>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With