1. To limit all the PHP file operations under the domain's DocumentRoot
directory WHT inserts the fillowing inside the VirtualHost areas in the httpd.conf file:
php_admin_value open_basedir /var/www/home/user/domain1.com
2. To limit all the CGI file operations under the
users's home directory WHT
inserts the fillowing inside the VirtualHost areas in the httpd.conf file:
SuexecUserGroup q q
This directive requires the suexec module. Apache must be configured (before compilling)
with these options --enable-suexec --with-suexec-docroot=/some/directory
This means that the CGI programs will be executed only if the user's home directory is a
subdirectory of /some/directory and the web server is run by some_user.
You can create the directory/some/directory/home
and change the $userhomedir variable in conf_inc.php to "/some/directory/home"
In the WHT installation I assume that some_user is the apache user
as it is in RedHat 9. If this is not the case with your system in the installation process
replace apache with the appropriate user.
Note: The httpd rpm package in RedHat 9 is configured with the
options: --enable-suexec --with-suexec-docroot=/var/www. So you have to create the
#mkdir -m 755 /var/www/home
change the $userhomedir variable in conf_inc.php to "/var/www/home" and
add the following row in /etc/httpd/conf/httpd.conf
LoadModule suexec_module modules/mod_suexec.so