
I have a few important documents that I keep owned by www-data (Apache's user) in my /var/www/ folder. They have to be www-data because PHP will write to them at times.

I also have users who access the system in /home/ ... They have access to make websites but are FTP rooted to their home directory, however.

I think it would be possible to simply make a PHP file that lets them read most of my /var/www/ PHP files, not to mention write/delete my www-data owned files.

How can I get PHP and every other command to be jailed to the user's home directory?

  • See this [question](http://serverfault.com/questions/21061/securing-php-webservers). Basically with something like suphp or the alternatives you can have PHP run as the specific user. – Zoredache Aug 17 '10 at 23:37
  • Also do a search here for [suphp](http://serverfault.com/search?q=suphp); there are lots of related questions that include details about setting things up. – Zoredache Aug 17 '10 at 23:45

2 Answers


In addition to the suggestion of suphp, you might also consider looking at the open_basedir options... http://www.php.net/manual/en/ini.core.php#ini.open-basedir

Jon Angliss
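
An added example (not part of either answer) of checking the `open_basedir` suggestion above across per-user virtual hosts: it flags vhosts where the setting is missing, is set with `php_value` instead of `php_admin_value`, or lists a path outside the site owner's home. It assumes mod_php-style `<VirtualHost>` blocks with a `DocumentRoot` under /home/<user>; the sample config and user names are constructed. `open_basedir` only limits PHP's own file functions, so it complements rather than replaces running PHP as the user.

```python
import re
from pathlib import PurePosixPath

# Constructed sample config: one vhost per hosted user (names are hypothetical).
SAMPLE_CONF = """
<VirtualHost *:80>
    DocumentRoot /home/alice/public_html
    php_admin_value open_basedir "/home/alice/:/tmp/"
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /home/bob/public_html
    php_value open_basedir "/home/bob/:/var/www/"
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /home/carol/public_html
</VirtualHost>
"""

VHOST = re.compile(r'<VirtualHost\b[^>]*>(.*?)</VirtualHost>', re.S | re.I)
DOCROOT = re.compile(r'^\s*DocumentRoot\s+"?([^"\s]+)', re.M | re.I)
BASEDIR = re.compile(r'^\s*(php_admin_value|php_value)\s+open_basedir\s+"?([^"\n]+)', re.M | re.I)

def audit(conf, shared=("/tmp",)):
    """Return {DocumentRoot: [findings]} for vhosts rooted under /home/<user>."""
    report = {}
    for body in VHOST.findall(conf):
        root = DOCROOT.search(body)
        if not root or not root.group(1).startswith("/home/"):
            continue
        home = PurePosixPath(*PurePosixPath(root.group(1)).parts[:3])  # /home/<user>
        findings = []
        m = BASEDIR.search(body)
        if not m:
            findings.append("open_basedir not set")
        else:
            if m.group(1).lower() != "php_admin_value":
                findings.append("set with php_value; may be overridden in .htaccess")
            for p in filter(None, m.group(2).strip().split(":")):
                path = PurePosixPath(p)  # normalises the trailing slash
                if not (path == home or home in path.parents or str(path) in shared):
                    findings.append(f"path outside user's home: {p}")
        report[root.group(1)] = findings
    return report

if __name__ == "__main__":
    for docroot, findings in audit(SAMPLE_CONF).items():
        print(docroot, "->", findings or "ok")
```

Keep the trailing slash on each `open_basedir` entry: older PHP versions treated the value as a prefix, so `/home/alice` would also match `/home/alice2`.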

You may try CloudLinux kernel ;) it has this built in called SecureLVE

eth0