Jump to content

PHP/Server permissions


eepp

Recommended Posts

Hi eventual helpers. I have a particular problem and didn't find anything helpful on the net (or maybe I don't know how to search properly for that matter). So, I recently bought a Web hosting plan on fatcow.com, and I have the opportunity to park as many domains as I want. That's what I did, with, for the moment, two domains (let's call them foo.ca and bar.ca). How FatCow works is that it creates a directory in the root of your account which has the following syntax: "[domain name with extension]-redirect". So now, I have in my root directory the two folders "foo.ca-redirect" and "bar.ca-redirect". When I go to foo.ca, I fall into the files and scripts in "foo.ca-redirect".

 

PHP CGI access is activated everywhere, and here's my problem: I created a custom FTP account for someone owning bar.ca so when the guy connects, his root "/" is right into the "bar.ca-redirect" directory (but he does not see that). But if he wans, this guy can upload a file destroy.php in his root which contains something like:

 

<? unlink("../foo.ca-redirect/index.php"); ?>

 

... and this is where I find that dangerous (in other terms, he can do absolutely anything he likes in any other parked domains with a script).

 

So, is there any way (with Apache .htaccess, PHP.ini (I have access to editing this file) or simply UNIX permissions) to make the scripts contained in a specific directory only capable of playing with files and folders in that directory (and sub-directories)?

 

Thanks for your help!

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.