views:

106

answers:

2

As you know. You have to write open_basedir = '/var/home' etc

I want to write like this: open_basedir = '/var/home/*/'

Which i want is php should restrict every directory which is in home directory, for every different directories.

Short question: How can i write open_basedir like this: open_basedir = 'var/home/*/'?

Thank you very much.

A: 

You can. You must specify each path in the directive :

open_basedir = "/var/home/path1/:/var/home/path2/:/var/home/path3/"
OcuS
Thank you very much. But is there any automatic directory definition. ? Because there are many directories.
ONSC
+1  A: 

If you want to restrict PHP to each user's own home directory you need a PHP setup in which:

  1. PHP runs with the user credentials
  2. PHP accepts a per-user configuration

A typical case is a CGI (or FastCGI) setup, rather than running PHP as Apache module. Then you can provide a custom php.ini file for each user.

BTW, I haven't tested it but perhaps open_basedir = "~" works as expected...

====== EDIT ======

Some clarifications that arise from the OP's comment:

  1. In Unix shells, "~" is a synonym for "current user's home directory" so it's "/var/home/john" if you are john and it's "/var/home/michael" if you are michael. "var/home/~/" has no special meaning: it's just a directory that's called ~.

  2. Many programs use this shell convention. I don't know if PHP does so.

  3. CGI allows to execute arbitrary programs on the server so it is less secure than static HTML the same way that a skateboard is less secure than a space shuttle. But we are not talking about executing arbitrary programs: we are talking about executing the PHP interpreter. It'll be as as secure as PHP and your environment are.

  4. If you are interested in the subject, Google for FastCGI (a CGI implementation with enhanced performance). Many hosting providers use it.

Álvaro G. Vicario
i tested open_basedir = 'var/home/~/' didn't work. Thank you for your answer. Would you send a helping URL for CGI setup for providing custom php.ini for each user.Last question : I ve heard CGI has some security problems. Is that true ?Thank you again.
ONSC
Thank you very much.
ONSC