Hello everyone, We are planning to upgrade our Apache+PHP web servers to PHP 5.4, but we see a problem now that safe mode is not available any more. We offer hosting to hundreds of users and we are using mod_userdir and safe_mode for that, allowing users to upload and run their own PHP scripts and applications on the servers. What alternatives are there to get rid of safe mode and at the same time not letting users to access files not owned by themselves or to run commands on the server? I've seen that now there's FastCGI, PHP-FPM... suPHP seems no longer be a widely adopted alternative... Also these solutions rely heavily on virtual hosts, and I find it a bit problematic with hundreds of users, even though there's mod_vhost_alias and all (DNS records should also be changed and it's a bit complicated for us now, for several reasons) Ideally, users should be restricted to their public_html directory (chroot, open_base_dir? Any other options? What is best?) So what solutions have you guys implemented? What pros and cons do they have? It used to be mod_userdir, mod_php and safe_mode. I know, it wasn't really safe and there were a lot of problems related to it, but it was simple at least. Now it appears it's not that way anymore, there are many layers and configurations... Are there any simple alternatives? Thanks in advance and kind regards, Rafa -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
