Hi everybody,
I'm trying to provide users of the system with their own userdir with php enabled. I installed mod_userdir and modified /etc/apache2/mods-enabled/userdir.conf as follows:
<IfModule mod_userdir.c> UserDir /var/www/public UserDir disabled root <Directory /var/www/public/*> AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS </Directory> </IfModule>
Of course I do have security concerns. The main one is preventing alice from creating a php file that is able to read from bob's webroot. Alice cannot read bob's webroot via filesystem since it's owned by bob:www-data and she's not bob and also not member of www-data. But the server of course can.
I've seen something like
php_admin_value open_basedir .
which is promising but also prevents alice from navigate her own directories.
Is there any way to define the open basedir to /var/www/public/<username>?
I've seen of php-fpm but I don't think it could fit: users could change dynamically and also uses a lot of memory(?).
Thanks in advance,
Marco
|