0

Essentially i found out you can limit the folders each user has access to by using php's basedir/open_basedir.

I'd like to have each php only access its own files. So i wrote

fastcgi_param open_basedir $document_root;

in hopes that it would work. It didnt. I googled and only found results saying you cant do it via fastcgi or nginx.

Is this true or can i not do it?

PS: I -do- spawn php as its own user (rather then www-data) so it doesnt wreak havoc on my nonphp websites. But i still like to prevent one php script on a php site from accessing other directories (if i have a wordpress install on yourface.com its pretty obvious a valid php path is /var/www/yourface/<wordpress scripts>

Improve this question

1 Answer 1

Reset to default
1

In recent versions of php, ini values can be set over fastcgi. See https://stackoverflow.com/questions/1215120/set-php-include-path-from-nginx for details.

Improve this answer
3
  • This doesnt appear to work. I'm using version 5.3.3. The current stable is 5.3 Commented Nov 14, 2011 at 4:17
  • The comments on the php bug say that it should be working in 5.3.3. What's the line you added to nginx.conf? Are you using fpm? Commented Nov 14, 2011 at 12:13
  • ah ha. I was using php-fastcgi instead of fpm. I always thought fpm is for apache. So my config line was correct! (which i got from your answer link). Thanks! Commented Nov 14, 2011 at 13:47

You must log in to answer this question.