include PHP script from under the user directory

**LampedWeb** · 07-14-2009 05:05 PM

I want

/home/someapi
/home/useraccount

include('/home/someapi/somescript.php');

or

include('somescript.php');

usable from all accounts while keeping basic security so that users can't access files inside other users directories.

If it helps, I own the VPS.

Any ideas?

**Spiral** · 07-15-2009 01:00 AM

That's not an issue if you run PHP as SuPHP!

If you run PHP as DSO (Apache Module) then you have php_openbasedir
available to you which is designed specifically to help with that and you
just need to go in and enable that from the "Security Center" menu in WHM!

**LampedWeb** · 07-15-2009 02:21 AM

What I've done:

Gone into the PHP config screen and set open_basedir to "/home/mai_api/" (without quotes),

Gone into the security center, "Tweak PHP open_basedir Security" and enabled it (oops, that should have been enabled already...),

Put a test.php in /home/mai_api/test.php and tried calling it from a user account. It still says "open_basedir restriction in effect. File(/home/mai_api/test.php) is not within the allowed path"

**LampedWeb** · 07-15-2009 02:23 AM

Just double-checked EasyApache, and I don't have mod SuPHP compiled in. Should I rebuild with that?

**david510** · 07-15-2009 10:36 AM

Since the error us popping up, open_basedir protection is there. Add the path to the VH section in the httpd.conf file for the corresponding domain.

LinkBack

Thread Tools

include PHP script from under the user directory

Create a user account with PHP (script)?

email forwarding to script forcing user directory

What Log can I look in to see how a user uploaded a php script

Running php script as another user

php - include cgi script