Hi All,

I want to setup virtual hosting on my Linux server with apache, php, perl, postgresql and mysql. What I don't know is how to make it secure, if one of my customers decides to write a php script which would access someone else’s directories and files how can I prevent it? I don't have time to go through each line of code which my customers upload on the server. Please let me know if you know the solution for this.

Thanks in advance.

Jerry

The best solution is to use Plesk Server Administrator (www.plesk.com). This will do all the securing your need and allow you to administer your server from a web interface...

Plesk only allows you to see YOUR files.. no-one elses. by using chroot

I don't see how this product can prevent somebody writing a php script that would access directories/files that belong to other people. The problem is that apache is run by one user i.e. nobody, this user has access to all the web content on the server, therefore a php script of one person can potentially access somebody else's files. And I don't want to run a separate httpd for every customer for obvious reasons.

The easiest way would be to use PHPs safe mode and base dir restrictions...