Hello.
I am trying to restrict a open_basedir to the document root of the domain.
So I have the following in httpd.conf.
<Location />
php_admin_value open_basedir /
</Location>
That isn't working. I've tried it using <Directory /> as well. I'm still
able to fopen("/etc/passwd"); How could I make it so that a person in say
/home/username/domain.com can only include from /home/username/domain.com
and not /etc/passwd (for example)? I would turn on safe_mode, but files are
uid:gid the client's FTP account while apache doesn't suexec to their
username and runs httpd:httpd.
Thanks!
-------------------------------------------------------------------
Graham Frank
Neoservers LLC (http://www.neoservers.com/)
Founder and Owner
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|