How can I disallow a user's scripts from accessing anything above their user folder?
Posted
by
Jaxo
on Server Fault
See other posts from Server Fault
or by Jaxo
Published on 2014-06-04T04:18:32Z
Indexed on
2014/06/05
3:28 UTC
Read the original article
Hit count: 147
apache-2.2
|security
This is probably an extremely simple question to answer for anybody who knows what they're doing, but I can't find any answers myself. I'm trying to set up a subdirectory for my good friend to test his PHP scripts on my (Apache) hosting plan. I don't want to let him access anything else on my server, however, for obvious reasons.
His FTP login already leads him to the proper directory, which does not allow navigating any higher than it's root (mydomain.com/friend/). I would like the same behavior to be applied to any scripts, so he cannot simply
<?php print_r(glob("../*")); ?>
and view all my files. I'm thinking this can be done with an .htaccess file setting the DocumentRoot somewhere, but I can't have the file available for modification inside the user directory.
Is this possible without majorly rewiring the web server? I've tried Googling all sorts of things to describe my problem, but without the proper terminology, all I get is "shared hosting" websites and people trying to sell me security packages.
© Server Fault or respective owner