User149

  1. That with the apache Directory option should get u what u want

     Thanks so much for the help! Here is what I now have in my .htaccess file located at /home/public_html/.htaccess:

         <Directory /home/public_html/dev>
         PHPIniDir "/home/public_html/php.ini"
         </Directory>

     Unfortunately I think I made a mistake there as it's now displaying "[an error occurred while processing this directive]" for any pages within that directory, which means there's an error in .htaccess file. It's probably an obvious mistake I made - but would you be able to provide the exact implementation of what you describe?
  2. Hi, I have my website located at /home/public_html. I have a folder used by my web managers at /home/public_html/dev. The web managers only have the permissions to access the contents of that dev directory and no other directory on the website. But, is there a way to disable certain dangerous functions like shell_exec() only in /home/public_html/dev?

     I know you can disable functions in php.ini, but the problem is that if I put the php.ini file in the /home/public_html/dev directory, it could easily be changed (on my shared host it's not possible to change owner/group permissions). Putting the php.ini file with the disabled functions list in /home/public_html works great in preventing the dev folder from using them since it's in an inaccessible location to the web managers, but unfortunately that also prevents me from using the functions in public_html, where they are needed.

     One possible solution I was thinking could involve writing an .htaccess conditional statement, but I'm not quite sure how to accomplish that. Here is what I would need to do in my .htaccess file:

         IF DIRECTORY == /home/public_html/dev {
             suPHP_ConfigPath /home/public_html/php.ini
             # Sets the location of the php.ini file to use.
             # I know suPHP_ConfigPath works perfectly, just need to know how to do the conditional
         }

     I would have the above .htaccess file as well as the php.ini file with the restrictions located in /home/public_html, but it would ideally only use that php.ini file with the restrictions within the dev folder. Does anyone know how to accomplish the above conditional statement, or some other solution which would allow me to disable certain PHP functions for the dev directory without affecting the public_html directory or having the php.ini file directly in the dev directory? Thanks!
  3. Thanks for the quick responses! I made a test file and put it in my main directory with Public and Group write access denied, but was still able to include it within a file in the "calendar" directory, so I'm afraid it didn't work. Though for some reason, in FileZilla, it won't let me deny Owner write access, so I was unable to try that. Sorry if I'm missing the meaning of what you're saying - would I need to somehow deny write permissions for the Owner on files I didn't want accessed? The scripts in the "calendar" directory still need to run - I just need to prevent them from accessing files outside of that directory. The users who maintain that "calendar" directory via FTP are keeping that section of the website updated for the public. However, I just don't want them to be able to access other parts of the site, which they currently can via using the include() and unlink() functions (among others) within scripts in the "calendar" directory. True, but this was what I was hoping to avoid. A lot of updates are made throughout the week, so reviewing each of the new files/changes individually would take quite a lot of time. I was just hoping for some kind of solution to allow them to independently manage the directory, without having to worry about potential damage to other portions of the site.
  4. Some of the files they need to keep updated/maintained are PHP files. I believe I'm getting closer to finding a solution, just need some help figuring this part out. I found a php.ini directive called open_basedir: http://www.php.net/manual/en/ini.core.php#ini.open-basedir

     open_basedir basically allows you to restrict what directories a PHP file can access through include(), fopen(), etc., exactly what I'm looking for. So I went into my php.ini file in the "calendar" directory, found open_basedir, and set it to restrict PHP files in the "calendar" directory from accessing files outside of that directory like so - html/calendar/php.ini:

         open_basedir = /home/user/html/calendar/

     It worked great and prevented any PHP file within the "calendar" directory from using the include() function to include files outside of that directory. But here's the problem: If one of the users with access to the "calendar" directory wanted to, they could simply turn open_basedir Off in the php.ini file, since the php.ini file with that open_basedir restriction resides in the "calendar" directory.

     So my question now becomes: could open_basedir be activated in a php.ini file (or through some other means) outside of the "calendar" directory? It's kind of pointless to have the restriction set in a location that users can access anyway. My hosting provider, BlueHost, does have the option for using a single php.ini file (as in, you can set it so that there's just a single php.ini file located in html/php.ini which all directories use) if that would be of any help. If someone could point me in the right direction or if you have any other suggestions, feel free to post.
  5. Hi, I'm in need of knowing how to prevent certain PHP files from being able to access files in other directories. I've spent hours searching around for solutions, but nothing has yet worked, so I'd very much appreciate some help.

     Essentially, I have a site with a "calendar" directory: http://mysite.com/calendar. I have a secondary FTP account (created via my BlueHost cPanel) which allows a few other people to access only the "calendar" directory through FTP so they can keep the files in that directory up to date. That all works great - however, the problem is that someone could simply upload a file containing:

         <?php unlink('../index.php'); ?>

     to the "calendar" directory and delete the entire site, even though their FTP account could only access the "calendar" directory. Is there any way to prevent files in the "calendar" directory from having any access (unlink(), include(), etc.) to files outside of that directory? Perhaps using .htaccess or CHMOD permissions, or some other method? Many thanks for any help or advice!
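
The concern raised in the open_basedir and disable_functions posts, that a configuration file inside the delegated directory can undo the restriction, can at least be monitored from outside that directory. The following is an added example, not code from the thread: a Python scan that lists every php.ini, .user.ini or .htaccess under the delegated directory that sets one of the watched directives. The function names, the watched-directive list and the sample tree are assumptions constructed here.

```python
import os
import re
import tempfile

# Per-directory files that can change PHP settings for scripts beneath them.
CONFIG_NAMES = {"php.ini", ".user.ini", ".htaccess"}

# Settings named in the posts, plus the Apache directives that can override them.
WATCHED = re.compile(
    r"^\s*(open_basedir|disable_functions|suPHP_ConfigPath|php_value|php_flag)\b",
    re.IGNORECASE,
)


def find_overrides(delegated_dir):
    """Return sorted (relative path, line number, line) for each watched setting."""
    hits = []
    for folder, _dirs, files in os.walk(delegated_dir):
        for name in files:
            if name not in CONFIG_NAMES:
                continue
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, delegated_dir).replace(os.sep, "/")
            with open(full, encoding="utf-8", errors="replace") as fh:
                for number, line in enumerate(fh, 1):
                    if WATCHED.match(line):  # comment lines (; or #) do not match
                        hits.append((rel, number, line.strip()))
    return sorted(hits)


def build_sample(root):
    """Create a constructed 'calendar' tree containing three override attempts."""
    sample = {
        "index.php": "<?php echo 'ok'; ?>\n",
        "php.ini": "open_basedir =\n",
        "events/.htaccess": "suPHP_ConfigPath /home/user/html/calendar/events\n",
        "notes/.user.ini": "; open_basedir = /tmp\ndisable_functions =\n",
    }
    for rel, body in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, number, line in find_overrides(build_sample(tmp)):
            print(f"{rel}:{number}: {line}")
```

Any hit means a file the delegated users can edit is influencing PHP settings for that subtree, so the result is a prompt to review the file rather than proof of tampering.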