Hi Nathan,

Thanks for taking the time to reply.

Yes, this is a shared server. Each (UNIX) user's home directory is their
domain name, i.e. /home/usersdomainnamehere.com, and their http root is www,
i.e. /home/usersdomainnamehere.com/www

I am running apache 2. and mod_php. Most servers are running php 4.x right
now, but we will be upgrading to 5 soon. Also, apache is running suexec for
perl (cgi).

When files are written via ftp and cgi they are owned by the user who logged
in, and in both cases are limited to writing to their home directory. In the
case of PHP, the files are owned by www.

Should I consider phpsuexec? Or will the apache directives you mentioned
below take care of it?

-Grant

"Nathan Hawks" <nhawks@xxxxxxxxx> wrote in message
news:1192931064.2526.30.camel@xxxxxxxxxxxxxxxxx
> Are you running a multi-user hosting service?
>
> If so you can create include files on a per-user or per-domain basis.
> Use the Apache config directive php_value to set your include_path and
> open_basedir appropriately for each account; and other options as
> desired.
>
> I don't know of a particular site, but that is the config framework that
> Plesk uses.
>
> As for building PHP, make sure you run the testing battery ('make test'
> after you 'make' and before you 'make install') in order to see how
> 'hardened' your build is.
>
>
>
> On Sat, 2007-10-20 at 21:00 -0400, Grant wrote:
>> Hi all,
>>
>> You've all likely heard this before...."I was hacked..." , "Had register
>> globals on..." etc etc.
>>
>> Well, this is true of me as well.
>>
>> Does anyone know of a site that would help a semi professional lock down
>> php, i.e.
>>
>> Perhaps how to install phpsuexec,
>>
>> Jail users to only have the ability to read/write to their own files and
>> directories,
>>
>> php.ini directives that have similar effect as mentioned above.
>>
>> Any help appreciated.
>>
>> -Grant
>>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
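
The per-domain include files suggested in the quoted reply could be generated with a script like the one below. It is an added example, not code from either poster. It assumes the /home/<domain>/www layout described in the thread; the tmp/ and include/ subdirectories, the function names and the output directory are hypothetical. It uses php_admin_value rather than php_value so that an account cannot undo the setting from its own .htaccess.

```sh
#!/bin/sh
# Added example, not from the thread. /home/<domain>/www is the layout Grant
# describes; the tmp/ and include/ subdirectories are assumptions.

# Accept only plain host names, so a directory name cannot inject config
# text or point the jail outside the account root.
valid_domain() {
    case "$1" in
        ""|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Print the per-domain include on stdout. $2 (account root) defaults to /home.
php_jail_conf() {
    domain=$1
    base=${2:-/home}
    valid_domain "$domain" || { echo "invalid domain: $domain" >&2; return 1; }
    acct="$base/$domain"
    cat <<EOF
<Directory "$acct/www">
    # php_admin_* set here cannot be overridden by .htaccess or ini_set().
    # Trailing slash matters: without it PHP of this era matches the value
    # as a prefix, so /home/a.com would also admit /home/a.com.au.
    php_admin_value open_basedir "$acct/"
    php_admin_value include_path ".:$acct/include"
    php_admin_value upload_tmp_dir "$acct/tmp"
    php_admin_value session.save_path "$acct/tmp"
    php_admin_flag register_globals off
</Directory>
EOF
}

# Write <outdir>/<domain>.conf for each account with a www directory and
# print how many files were written.
php_jail_all() {
    root=$1
    outdir=$2
    count=0
    for www in "$root"/*/www; do
        [ -d "$www" ] || continue
        name=$(basename "$(dirname "$www")")
        valid_domain "$name" || { echo "skipping: $name" >&2; continue; }
        php_jail_conf "$name" "$root" > "$outdir/$name.conf"
        count=$((count + 1))
    done
    echo "$count"
}
```

open_basedir confines only PHP's own file functions; files written through mod_php are still owned by www, so the ownership question raised about phpsuexec is separate from what these directives cover.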