views:

31

answers:

2

A user on my site and I are going to be developing a new web app. Id like to create a folder that we can work in without the fear that he could read outside that folder potentially reading config files etc.

Is there a way to create a sandboxed area that would prevent the user from including outside that folder - while still keeping the rest of the site the same?

Almost like an open_basedir for that one folder.

A: 

This is usually done by configuring the web server to run under an unprivileged user that has access to a selected few directories only.

deceze
+1  A: 

It might be better to create an entirely separate apache vhost for him. Having him work in a folder means that he has to account for the folder in all his links. As in, for his sandbox to work, he needs to build links like:

http://example.com/sandbox/my_app

It's not a huge deal, but its definitely a pain.

To go even further, it might be easier to create a whole new VM for him to work on.

Chris Henry