Shared hosting PHP safety

[orly]

Hello. I'm running multiple sites on the same server and I want to isolate them so no one can access files that don't belong to him. However, I am experiencing problems with PHP.

How can I make sure that PHP code can't get out of it's folder and read files in folders which belong to other subdomains? The problem is, that PHP.ini values are easily overwritten with .htaccess I am unable to turn off. I also don't have any access to httpd.conf so I can't specify php_admin_value.

It seems that my hosting provides PHP-FPM, but not access to a config file, so I again can't do anything. Any help is appreciated.

 

[SamuelM]

Hello @orly,

Thank you for contacting cPanel!

Can you please provide more context about your concern? Can you clarify whether you are hosting multiple sites within the same cPanel account, or whether you have reseller or root access to the server and the sites are actually hosted in individual cPanel accounts?

Commonly, as with the use of the suPHP handler, PHP scripts are run as the cPanel user. Therefore when a PHP script is executed it may have access to other files and directories that are owned by the user that executes it.

I also wonder if the owners of the sites you are hosting have direct access to modify the .htaccess files, as you mentioned your concern about the .htaccess files overwriting PHP settings.

I look forward to your reply!

Best regards

 

[orly]

I am a regular cPanel user. I don't have access to the server's root.

I also wonder if the owners of the sites you are hosting have direct access to modify the .htaccess file

Yes, they have. I just can't turn them off.

So... the only way is to buy VDS or reseller hosting?

 

[cPRex]

For the security and tools you're looking for, it sounds like getting some level of dedicated plan would be the best way to go.