Home
Security


   1. To limit all the PHP file operations under the domain's DocumentRoot directory WHT inserts the fillowing inside the VirtualHost areas in the httpd.conf file:

   php_admin_value open_basedir /var/www/home/user/domain1.com


   2. To limit all the CGI file operations under the users's home directory WHT inserts the fillowing inside the VirtualHost areas in the httpd.conf file:

   SuexecUserGroup q q

 This directive requires the suexec module. Apache must be configured (before compilling) with these options --enable-suexec --with-suexec-docroot=/some/directory --with-suexec-caller=some_user...

 This means that the CGI programs will be executed only if the user's home directory is a subdirectory of /some/directory and the web server is run by some_user. You can create the directory/some/directory/home and change the $userhomedir variable in conf_inc.php to "/some/directory/home"

 In the WHT installation I assume that some_user is the apache user as it is in RedHat 9. If this is not the case with your system in the installation process replace apache with the appropriate user.


 Note: The httpd rpm package in RedHat 9 is configured with the options: --enable-suexec --with-suexec-docroot=/var/www. So you have to create the directory /var/www/home

   #mkdir -m 755 /var/www/home

change the $userhomedir variable in conf_inc.php to "/var/www/home" and add the following row in /etc/httpd/conf/httpd.conf

   LoadModule suexec_module modules/mod_suexec.so




developer: Nikolay Ivanov email: nivanov@email.com