限制PHP的文件系统访问到一个文件夹 [英] Restrict PHP's file system access to a folder

问题描述

我的情况：我有运行Apache，我使用的个人项目共享的托管帐户。现在，我的一个朋友需要一点点空间，提出了一个网站为他的曲棍球俱乐部。我决定让他在我的帐户下运行它，并给他限制他的的public_html /冰球访问的FTP帐户​​。

My scenario: I have a shared hosting account running Apache that I use for personal projects. Now a friend of mine needs a little space to put up a website for his hockey club. I decided to let him run it on my account and to give him an FTP account that limits his access to public_html/hockey.

我的问题：有没有办法在这样一种方式，他们无法访问该文件夹的曲棍球之外的任何文件，以限制他的PHP脚本（在他的曲棍球文件夹）？我正在寻找包括像在php.ini或.htaccess的配置解决方案。请不要回复告诉我，他应该尽量不要到该文件夹​​之外的任何访问。我试图提高对他的code有意访问和意外的安全漏洞的安全性。

My question: Is there a way to restrict his PHP scripts (in his hockey folder) in such a way that they couldn't access any files outside the hockey folder? I'm looking for a solution involving something like a configuration in php.ini or .htaccess. Please do not reply to tell me he should try not to access anything outside that folder. I'm trying to improve security against intentional access and accidental security holes in his code.

如果你知道如何实物沙盘环境中运行自己的内容，任何有建设性的意见是很大的AP preciated。

If you know how to run his content in kind of a sandbox environment, any constructive input is greatly appreciated.

谢谢，西蒙

推荐答案

您可以使用的 的open_basedir 配置设置来限制PHP的范围。例如，设置的open_basedir 每个目录的httpd.conf 你可以这样写

You can use the open_basedir configuration setting to limit PHP's reach. For example, to set open_basedir per directory in httpd.conf you would write

<Directory /var/www/public_html/hockey>
  php_admin_value open_basedir "/var/www/public_html/hockey"
</Directory>

这篇关于限制PHP的文件系统访问到一个文件夹的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！