-1

Some time ago the PHP safe mode has been deprecated. That's why, I can't use it.

I'm planning to run a game server for a client who rents from me and I will give a directory-FTP to him. However , it'll run PHP and some plugins may use functions like unlink() outside of their allowed directory, being able to delete other dangerous server files... and functions such as exec() or any malicious, dangerous function should be disabled.

For example, Hostinger's hosting has what I'm looking for. They limit actions you can do and don't let you go outside your allowed directory using PHP, and functions such as exec() are disabled.

How can I do that?

Current Version : PHP7

Kevin Andrews
  • 1
  • 1
    I'd run a separate PHP pool as a different user with limited permissions. You might be able to do something similar with the web server. – Tim Sep 21 '17 at 20:04
  • How ? Please be more descriptive, I don't know how to run as different user and as of the disabled functions setting, some like `unlink()` are still needed and want them not to run outside the allowed directory, as I explained... – Kevin Sep 22 '17 at 14:19

1 Answers1

0

The php.ini configuration file permits a disable_functions setting.

That said, don't give people you don't trust access to your servers.

ceejayoz
  • 32,469
  • 7
  • 81
  • 105