The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Accessing files outside /home/user_name

Discussion in 'General Discussion' started by mmsweb, Nov 4, 2008.

  1. mmsweb

    mmsweb Registered

    Joined:
    May 3, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I would like to know how to set up an account to access files outside of your default folder of files (/home/some_user to access php files in /home/lib_user).

    I would like to access libraries that are within a directory outside the user's directory. How to proceed?
    Thank you.
     
  2. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    if the library is made up of php files, you could put them in php's default include path (/usr/local/lib/php)
     
  3. apokalypse

    apokalypse Registered

    Joined:
    Jan 17, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Yes, this works, but the user has access to the source code of the script and I just want him to make a 'include'. Any sugestion???

    tanks!
     
  4. jBillu

    jBillu Member

    Joined:
    Oct 21, 2008
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Then there are twos of doing it.

    > Edit the main php.ini file of the server which is usually placed in /usr/local/lib/php.ini and add the path containing libraries i.e. /home/user_lib to 'include_path' variable. After that restart the apache to take its affect
    > Second solution is place a php.ini file in that particular user's account under public_html directory and then apply the above changes i.e. add that library path in 'include_path' variable.

    Please make sure 'safe_mode' is also turned Off in php.ini file.

    Hope that will help.
     
  5. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    If he can include the script, then the source will be retrievable regardless of where the file is located
     
  6. mmsweb

    mmsweb Registered

    Joined:
    May 3, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    If I put in include_path, the user can access the source code: file (), file_get_contents () .. And this can not happen.
     
  7. mmsweb

    mmsweb Registered

    Joined:
    May 3, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Yes, but the developer gains access to the source code via include?

    I know it is possible to file (), file_get_contents...
     
  8. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    if the file can be included like:
    Code:
    <?php
    
    include("somescript.php");
    
    Then regardless of where you put it, the user can:

    Code:
    <?php
    
    file_get_contents("somescript.php");
    
    There is no way around this except disabling the file functions (Which will render most scripts useless), so you might want to consider obfusificating the script instead so that the code is not readable
     
    #8 nickp666, Nov 5, 2008
    Last edited: Nov 5, 2008
Loading...

Share This Page