You are not logged in.
Hello.
I'm about to put up a web server (Apache, PHP, MySQL), but I have some problems with rights. Right now, I have team up two virtual pages:
alias /johan "D:/virtual/johan/"
<Directory "D:/virtual/johan">
Order allow,deny
Allow from all
</Directory>
alias /patrik "D:/virtual/patrik/"
<Directory "D:/virtual/patrik">
Order allow,deny
Allow from all
</Directory>
And now to the problem. These pages should be entirely separate from each other but I can run a PHP script (inside johan directory) with the following contents:
<?php
// unlink("../test");
rmdir("../patrik");
?>
and the script successfully delete the directory patrik without problems. How do I arrange this? How do I get a script and other substances may only run in the johan directory and subdirectories?
Offline
Check permissions on the 2 directories - if the user that Apache runs as has write permissions to both then PHP can simply go up a directory and delete things without issue. You can try a couple things:
1. Modify permissions to remove write access from the Apache user.
2. If each of these directories are meant to be used by a different virtual host, set the PHP open_basedir value for each of them to be only their directory. You should be able to set in the virtualhost config:
php_admin_value open_basedir /path/to/restrict/to
Offline
2. If each of these directories are meant to be used by a different virtual host, set the PHP open_basedir value for each of them to be only their directory. You should be able to set in the virtualhost config:
php_admin_value open_basedir /path/to/restrict/to
Can you provide more detail, please?
Offline