In my server (cpanel) I see now that with a simple DIR script (PHP) I can list files of all users over public_html
/home/[user]/public_html/
How can I prevent users from accessing the files of other users?
In my server (cpanel) I see now that with a simple DIR script (PHP) I can list files of all users over public_html
/home/[user]/public_html/
How can I prevent users from accessing the files of other users?
The easiest method is by using PHP's open_basedir configuration setting. Unless you're using PHP 5.3+, you'll need to add the directive to apache's virtual host container for each site:
# restrict PHP access to /home/[user]
php_value open_basedir /home/[user]
Note that open_basedir isn't a 100% secure solution, but is a great way to restrict random code form reading things it should not.