Securing multi user web hosting

Question:

In short:
How to make sure that users can't read/include files from other websites, and thus getting sensitive information?

The long one:
I'm trying to learn as much as I can about Apache, Linux and security as I can.
During this self study, I came across the following problem:

How to make sure that users can't read/include files from other websites, and thus getting sensitive information?
For instance via:
PHP Code:
<?
readfile("/www/domain.com/www/sensitive.php");
?>

The Setup:
Redhat Linux 7.2, no X installed.
Apache 1.3.27
PureFTPd 1.0.13

Each site hosted at /www/domainname.com/www/
Logs at /www/domainname.com/logs/

Symlinks from $home

Any ingenious ideas? Securing multi user web hosting

- Tarraq

 

 

 

 

Top