Re: Secure File Paths, File System

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Daniel Kolbo wrote:
> Hello PHPers,
> 
> I am quite ignorant about file system security.   I was hoping you all
> could help me understand things.
> 
> How does one restrict php script from going (reading, writing) files in
> the file system?
> As I see it, a php programmer could change the include_path, with
> ini_set(), use "../" etc..., and browse all the files on the server to
> which the php engine has access.  This would clearly not be acceptable
> to a web host company, so how do most hosts restrict this kind of
> behaviour?
> 
> Now, suppose i only have php access to my 'files' as defined by my host
> somehow.  (again, my first part of the question is how do they do
> this?).  Is it possible for me to further restrict this file
> accessibility for different sub-folders?  Let me provide an example
> folder hierarchy and user scenario.
> Suppose there are two php programmers (me and you).  I want full access,
> but I want to restrict you to your subdomain (subdomain2).
> 
> +AllUsers (me and you)
> +Domain1
> ++Subdomain1 (me only)
> ++Subdomain2 (me and you)
> ++SharedDomain (me and you)
> +ServerFile1 (me only)
> +ServerFile2 (me only)
> +SecretFile (no user)
> 
> Thanks for helping understand how to restrict/limit different php
> programmers from going into places I'd rather them not go.
> dK
> 

Two methods come to mind, chroot and just setting perms for specific dirs.

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux