How can I disallow a user's scripts from accessing anything above their user folder?

Posted by Jaxo on Server Fault See other posts from Server Fault or by Jaxo
Published on 2014-06-04T04:18:32Z Indexed on 2014/06/05 3:28 UTC
Read the original article Hit count: 147

Filed under:
|

This is probably an extremely simple question to answer for anybody who knows what they're doing, but I can't find any answers myself. I'm trying to set up a subdirectory for my good friend to test his PHP scripts on my (Apache) hosting plan. I don't want to let him access anything else on my server, however, for obvious reasons.

His FTP login already leads him to the proper directory, which does not allow navigating any higher than it's root (mydomain.com/friend/). I would like the same behavior to be applied to any scripts, so he cannot simply

<?php print_r(glob("../*")); ?>

and view all my files. I'm thinking this can be done with an .htaccess file setting the DocumentRoot somewhere, but I can't have the file available for modification inside the user directory.

Is this possible without majorly rewiring the web server? I've tried Googling all sorts of things to describe my problem, but without the proper terminology, all I get is "shared hosting" websites and people trying to sell me security packages.

© Server Fault or respective owner

Related posts about apache-2.2

Related posts about security