orly

Registered
Dec 23, 2019
2
1
3
Russia
cPanel Access Level
Website Owner
Hello. I'm running multiple sites on the same server and I want to isolate them so no one can access files that don't belong to him. However, I am experiencing problems with PHP.

How can I make sure that PHP code can't get out of it's folder and read files in folders which belong to other subdomains? The problem is, that PHP.ini values are easily overwritten with .htaccess I am unable to turn off. I also don't have any access to httpd.conf so I can't specify php_admin_value.

It seems that my hosting provides PHP-FPM, but not access to a config file, so I again can't do anything. Any help is appreciated.
 
Last edited:
  • Like
Reactions: sailcashbet

cPSamuelM

Technical Analyst Team Lead
Staff member
Nov 20, 2019
196
38
103
USA
cPanel Access Level
Root Administrator
Hello @orly,

Thank you for contacting cPanel!

Can you please provide more context about your concern? Can you clarify whether you are hosting multiple sites within the same cPanel account, or whether you have reseller or root access to the server and the sites are actually hosted in individual cPanel accounts?

Commonly, as with the use of the suPHP handler, PHP scripts are run as the cPanel user. Therefore when a PHP script is executed it may have access to other files and directories that are owned by the user that executes it.

I also wonder if the owners of the sites you are hosting have direct access to modify the .htaccess files, as you mentioned your concern about the .htaccess files overwriting PHP settings.

I look forward to your reply!

Best regards
 

orly

Registered
Dec 23, 2019
2
1
3
Russia
cPanel Access Level
Website Owner
I am a regular cPanel user. I don't have access to the server's root.

I also wonder if the owners of the sites you are hosting have direct access to modify the .htaccess file
Yes, they have. I just can't turn them off.

So... the only way is to buy VDS or reseller hosting?