Web Shared Server, Security Problems,

Hey,

I'm running some web shared servers without any CP,

The apache web server runs with user/group nobody/nobody

each virtual host points to a specific ftp account for each one of my customers,
of course, I must give read/write access to the 'other' group so apache will be able to read/write,

My problem is that one customer can actually access other customer's directory as wells (due to the fact that all sites has permissions to read from each other because of the Apache requirements)

It is possible to declare in php an "open_basdir" which is great but still all sites must be under this directory,

Is there any way to create a base_dir per virtual host somehow?
Or maybe there's any other way to lock a site only in its directory ?

Thanks

 

 

 

 

Top