I would appreciate it if you guys could see if you have similar problems....

I'm running PHP 4.3.6 with open_basedir and PHPsuexec. Safe mode is Off. No functions are disabled using the "disable_functions" directive in the php.ini file. The reason for this is because when running PHPsuexec a customer can place a php.ini file in their public_html directory and override *ANY* setting, including Safe Mode.

A customer could use:

Code:

    <?php include $_REQUEST['file'] ?>

Where file = /etc/passwd

This can be used to view other files anywhere on the system, if they know the exact location and if ANYBODY has permission to read it. They could also use exec, shell_exec, proc_open, and all those other functions we like to disable (simply because they can be overridden using a php.ini file locally).

Safe Mode: So not having safe mode On seems very bad indeed. But then safe mode will break scripts like osCommerce (unless anyone else has successfully enabled safe mode and osCommerce still works, please let me know).

PHPsuexec: PHPsuexec is nice because it tells us who is abusing resources, doesn't allow us to open other users' files etc. (if permissions are set correctly).

Open_basedir: Is this the PHP value as set in the php.ini file? If so, this is easily overridden again when using PHPsuexec and a local php.ini file. My phpinfo pages report "no value" under this heading. Is that not right? Should each user have their homedir specified?

Ideally I'd like all 3 of these security measures in place, but can't have safe mode and PHPsuexec running together, it's gotta be one or the other.

How do you guys have your PHP configured? I'd be interested to know.

Cheers
Matt.
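An added example, not part of the post above: a Python check an admin could run over each customer's local php.ini to see which of the three restrictions discussed (safe_mode, disable_functions, open_basedir) it drops. It assumes that under PHPsuexec the local file replaces the server php.ini, so a directive it omits falls back to PHP's unrestricted default; the function list, the home directory and the sample files are constructed.

```python
import os

# Functions named in the post plus similar ones (the full list is an assumption).
RISKY_FUNCS = {"exec", "shell_exec", "proc_open", "system", "passthru", "popen"}
OFF = {"", "0", "off", "false", "no", "none"}

# Constructed samples of a customer's public_html/php.ini.
SAMPLE_WEAK = """; constructed sample
[PHP]
safe_mode = Off
disable_functions =
open_basedir = /home/alice:/etc
"""
SAMPLE_TIGHT = """safe_mode = On
disable_functions = "exec, shell_exec, proc_open, system, passthru, popen"
open_basedir = /home/alice/
"""

def parse_ini(text):
    """Return {directive: value} from php.ini text; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue                                  # blank, section, or junk
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings

def audit_local_ini(text, home):
    """List the restrictions a per-user php.ini leaves switched off."""
    s = parse_ini(text)
    findings = []
    # Assumption: an omitted directive means PHP's default (no restriction).
    if s.get("safe_mode", "").lower() in OFF:
        findings.append("safe_mode is off")
    blocked = {f.strip() for f in s.get("disable_functions", "").split(",")}
    allowed = sorted(RISKY_FUNCS - blocked)
    if allowed:
        findings.append("not disabled: " + ", ".join(allowed))
    home = os.path.normpath(home)
    for path in s.get("open_basedir", "").split(":"):
        p = os.path.normpath(path) if path else ""
        if p != home and not p.startswith(home + os.sep):
            findings.append("open_basedir permits " + (path or "any path"))
    return findings
```

Under that assumption even an empty local php.ini produces all three findings, which is why the check treats a missing directive the same as one set to off.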