A user on my site and I are going to be developing a new web app. Id like to create a folder that we can work in without the fear that he could read outside that folder potentially reading config files etc.
Is there a way to create a sandboxed area that would prevent the user from including outside that folder - while still keeping the rest of the site the same?
Almost like an open_basedir for that one folder.
This is usually done by configuring the web server to run under an unprivileged user that has access to a selected few directories only.
It might be better to create an entirely separate apache vhost for him. Having him work in a folder means that he has to account for the folder in all his links. As in, for his sandbox to work, he needs to build links like:
It's not a huge deal, but its definitely a pain.
To go even further, it might be easier to create a whole new VM for him to work on.