On my server (cPanel) I see now that with a simple DIR script (PHP) I can list the files of all users under public_html:

/home/[user]/public_html/

How can I prevent users from accessing the files of other users?

+1  A: 

The easiest method is by using PHP's open_basedir configuration setting. Unless you're using PHP 5.3+, you'll need to add the directive to Apache's virtual host container for each site:

# restrict PHP access to /home/[user]
php_value open_basedir /home/[user]

Note that open_basedir isn't a 100% secure solution, but is a great way to restrict random code from reading things it should not.

Owen
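
An added example, not part of the answer above: a shell function that generates one Apache <Directory> block per account for the /home/[user]/public_html layout in the question. It assumes mod_php and uses php_admin_value instead of php_value so the limit cannot be overridden from .htaccess or ini_set(); the function name is illustrative.

```shell
#!/bin/sh
# Added example: emit one Apache <Directory> block per account under a home
# root, pinning PHP (mod_php assumed) to that account's own tree.
# Usage: gen_open_basedir_conf /home > open_basedir.conf
# (include the resulting file from the main Apache configuration, then
# run a config test before reloading).

# gen_open_basedir_conf HOME_ROOT
# Prints the configuration on stdout; skipped entries are reported on stderr.
gen_open_basedir_conf() {
    home_root=${1:-/home}
    for docroot in "$home_root"/*/public_html; do
        [ -d "$docroot" ] || continue      # glob matched nothing, or not a directory
        userdir=${docroot%/public_html}
        user=${userdir##*/}
        # Refuse names that could break out of the quoted config values.
        case $user in
            ''|.*|*[!A-Za-z0-9_.-]*)
                echo "skipping unexpected directory name: $userdir" >&2
                continue ;;
        esac
        # A symlinked home or docroot would make the allowed path point
        # at some other account's tree, so leave those for manual review.
        if [ -L "$userdir" ] || [ -L "$docroot" ]; then
            echo "skipping symlink: $docroot" >&2
            continue
        fi
        cat <<EOF
<Directory "$docroot">
    # php_admin_value cannot be overridden from .htaccess or ini_set()
    # trailing slash: older PHP releases match open_basedir as a string prefix
    php_admin_value open_basedir "$userdir/"
</Directory>
EOF
    done
}
```

Scripts that need a temporary directory will also need that path appended to the open_basedir value, separated by a colon.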