That's the key right there. You probably need to think of multiple approaches to securing the files (suexec, cgiwrappers, php level tweaks, etc). This is the one place where *nix and apache fall a hair short. What would be nice would be the ability to assign user level settings to each virtual host. That way you can run it under the user and they can only modify their own file. So if they don't upgrade things like phpbb it affects them only and not the entire client base of that server. I know there is an alpha stage project out there for 2.0.x that does just this but I would have been nice to have this as part of the design implementation. Gary > > I would not tend to think very much of open_basedir by itself, but the > other options you mention sound like they are worthwhile. Thanks for the > info, I was curious and you filled in some blanks. > > Eric --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|