[mpm-itk] mpm-itk and PHP config

Simon greminn at gmail.com
Thu Feb 23 01:06:07 CET 2012

Hi There,

Im wondering if someone would be able to please point me in the correct direction here?

We have a test server running debian squeeze and apache mpm-itk. Its all runninng nice with each vhost setup under their own user/group. The problem is: we need to allow some vhosts to use a restricted list of binary commands.. "html2ps" for example. I had setup a /www/example.com/bin directory for each vhost and copied the binaries into it.. and then used safe_mode_exec_dir to restrict the vhost to only run those binaries... But i cant find a way to restrict the binary applications to only files within /www/example.com/ or /www/example.com/htdocs/

e.g. if zip was a binary command in /www/example.com/bin, the user can still run this in PHP:

exec("/www/example.com/bin/zip /www/example.com/htdocs/newfile.zip /path/to/another/file.txt");

Im going a bit batty here and i think I'm on the wrong path altogether!!! So any assistance or pointers would be much appreciated!



More information about the mpm-itk mailing list