I'm currently configuring a webserver based on Apache v2.0.43 and PHP v4.3.0. This server will be used for several customers. Now with a standard setup of PHP it will be possible (if you know that this is a virtual server) to read out the other customers. Let's suppose the directory is


/var/www/customer1


Then customer2 could for instance display the content of /var/www and get all other customers names. To prevent this it would be required to use a specific USER to run a virtualhost. But this is not possible if you don't choose to install PHP as cgi-binary (and then using suexec) or does anybody have a working solution for this ?

I've already restricted the directory to /var/www and the subdirectories already using open_safedir, but as from that point I do not have further ideas currently ...

A short demonstration would be probably something like posted here

After enabling safe_mode the demonstration failed ... (I removed the open_basedir restriction). The trick is to set the base directory for all virtual hosts owned by root ... this prevents the readout ... (if safe_mode is active).

(Be sure to set safe_mod_gid to OFF otherwise users which are in the same group can read the others directories...)

Also set safe_mode_exec_dir to some empty directory to prevent scripting attacks ...



Well to use open_basedir on a virtualhost basis it also secures things ... like described in http://www.php.net/manual/en/security.apache.php ... in detail (with the extension of doc_root for additional security):