Hello,
I've got kind of "noobie" question for you, but I can't find answer any way. I have got Apache2 and PHP5 installed, and I need to restrict access to directories, for example, to /etc.

Apache2 DocumentRoot works good for mapping URLs, but I can't get rid of Php being able to include /etc/passwd and stuff like that using "../../../" trick. (I made a file which includes it).

I was wondering about chrooting Apache, but I think it may break configuration of server.

So my question: Is there a way to disable access for Php and some other scripts to some directories?

Thanks for any replies.

Are you running apache as root? If so use another account that won't have access to those files.

Thanks for your answer. No, (well, there are several instances to raise performance, but only one runs as root actually) but for example /etc/passwd has default "rwxr--r--" rights, and chmod-ing all these files would be really painful for me. Also, doing this recursively to all files should not work for me either, as far as I know not all files should have same rights.

Hi,

Have a look at open-basedir.

Regards

1 members found this post helpful.

Thanks much, exactly what I was looking for. (First I was little upset because safe_mod had to be on for files like /etc/passwd, and it didn't restrict access to all files. Also doc_root kindly didn't work for me...).