i have installed CentOS on my computer.

And i have installed webmin, virtualmin to control "Virtual Servers" (sites).


Apache runs under user apache

But i can read any folder and file with php from any site.

how i can solve this problem??

This is due to the permissions that the process running php has. You'll need new PHP configurations for each site (you are allowed to use php.ini over again in any web root to override global settings, as long as you enable this override). Here, you can change each php process to run as a user that has exclusive access to those files (x00).

See the PHP docs at http://docs.php.net/docs, specifically, http://docs.php.net/manual/en/configuration.php

Note that some of this configuration is only possible if using PHP as CGI, rather than an apache module.

can you describe how to configure this with php.ini?

Sorry I was slow getting back to you. I did some more looking and it seems that, while you can get a custom php.ini in each directory, that does not help as far as locking down the php upload scope of access to the filesystem.

You would have to spawn a new apache process for each virtual host, using a different operating system user (different config file) for each one, and set the umask to 700 so that the files created cannot be readable by anyone other than the owner and root. Then again, perhaps the virtual hosts should be processed by the same apache process (to listen on the same port 80), which would mean that you need to enable overrides in .htaccess for each virtual host and therein change the running user, which would secure the php rights...

Also, I am not familiar with webmin/virtualmin, so I do not know how easy this configuration would be to implement and manage...

ok thank you very much. I will keep it in mind. and search for the step by step solution.