Page 1 of 1

what to do without safe_mode

Posted: Tue Apr 04, 2006 3:52 pm
by asgerhallas
Hi,

I've read some about safe mode being removed from PHP6 and the PHP manual as well says, safe mode is a poor solution for restricting PHP-access to other files. But I can't find anywhere it says what to do in alternatively?

How do I prevent PHP reading all the files on my server?
How do I prevent the users on my shared host reading each others files?

Can anybody give me a hint?

/Asger

Posted: Tue Apr 04, 2006 3:56 pm
by feyd
proper permissions.

Posted: Wed Apr 05, 2006 4:18 am
by asgerhallas
That was a hint, but it didn't get me any further. I have been reading some places, that's not so easy setting up the right permissions on a shared server. Does anyone have a link for a ressource or a more specific hint?

Posted: Wed Apr 05, 2006 9:43 pm
by d3ad1ysp0rk
I'm no sysadmin, but from the issues I've dealt with at our work, it seems the best option would be:

- Map out your entire FS.
- List users that will be on your server (root, apache, site1user, etc)
- Link users with parts of the filesystem to show who NEEDS access to what (also, what access they need (read/write/execute))

From there, go ahead and setup all the permissions.