Hey,
We're running apache 1.3 with PHP5 and mod_vhost_alias on our hosting server
for our customers, so that we can add domains etc without needing to
reconfigure apache every time. Naturally we want to ensure the customers
can't get access to our files on the system, or each others homepages for
that matter. Unfortunately I cant' seem to find a way to get open_basedir
to work in a sane manner without knowing the customers docroot in advance,
which is impossible since they are dynamically generated by
mod_vhost_alias.
To give an example, a website testing.com would be stored
in /www/www.testing.com, but if I put the open_basedir restriction in
effect I have to put /www into the list of paths, which is in no way an
ideal solution. Is there some way of adding the document root to the
open_basedir directive without any prior knowledge of what it will be?
Thanks,
Daniel