mutli user web hosting

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

well mcgruff i never came into any problems :?
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

magicrobotmonkey wrote:yea exactly - each user has their own folder and you restrict their access to that folder. Cept often there will be a separate cgi-bin folder where is the only place things can be run. you could either have one for each user or have a universal one, with permissions set file to file.
but this part of the discussion is more for some other type of forum.
Ask yourself a few questions here...

What is to stop someone from running a PHP Script that could read/export the entire server database? Or stop someone from clogging up your mail server with a spam bot? Or use a script to view other people's source code, and copy/delete files? Or what is to stop someone from using [php_man]ini_set[/php_man]() to change critical PHP settings? Or what is to stop someone from using [php_man]exec[/php_man]() and totally destroying the system?

Solve those and I think you could be okay with what Malcolm suggested. :wink:
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

yea thats what im talking about with all the permissions
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Google is your friend: [google]php safe mode tutorial multi user hosting configuration[/google]

(You might want to split that long search into seperate ones for more specific results.)
benxuk
Forum Newbie
Posts: 8
Joined: Mon Mar 22, 2004 10:50 pm

Post by benxuk »

Sami wrote:
Ask yourself a few questions here...

bla bla bla use a script to view other people's source code, and copy/delete files? Or what is to stop someone from using [php_man]ini_set[/php_man]() to change critical PHP settings? Or what is to stop someone from using [php_man]exec[/php_man]() and totally destroying the system?

Solve those and I think you could be okay with what Malcolm suggested. :wink:
Thats exactly why i asked! Thank you heh :lol: i read this thread and thought "fek nobody understands me" but there we go 8) you can see, i'll be checking out that google stuff when time is on my side, electronics to mess up now thanks again, :D
benxuk
Forum Newbie
Posts: 8
Joined: Mon Mar 22, 2004 10:50 pm

Post by benxuk »

i still don't seem to be explaining myslef....

its like this 1 server, 1 instance of php, 20 domains, 20 user home paths

there is no way to stop these 20 user's accessing eachovers home path thru php code is there?
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

no its things you have to set on the server not with php
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Did you have a look at User Mode Linux?
benxuk
Forum Newbie
Posts: 8
Joined: Mon Mar 22, 2004 10:50 pm

Post by benxuk »

:lol: vitual machines would work yeah, but it and future servers will be windows 2003 and i don't know of a virtual machine that lets me run thousands of intances at a satisfactory level of performance, and it is php that i'm concerned about not windows users, i can set as many permissions as i want, a php script can and will have the power to control the filesystem, so i guess its looking more like the safe mode thing or maybe writing my own php style isapi filter....


hmmm

maybe this makes sense to you guru's or maybe still theres another way around this?? :oops: i am ver n00b...........
Post Reply