Hi,
These pages on the PHP.net website should be read. The website is
great for lots of information, not just basic stuff, but user input as
well.
Configuration
http://www.php.net/manual/en/configuration.php
Manual -- Safe Mode
http://www.php.net/manual/en/features.safe-mode.php
Functions restricted/disabled by Safe Mode
http://www.php.net/manual/en/features.safe-mode.php#features.safe-mode.functions
Here are two excerpts from the above links which will limit the
operating area of PHP to a directory.
1) from the Safe Mode link
If instead of safe_mode, you set an open_basedir directory, then all
file operations will be limited to files under the specified directory.
For example (Apache httpd.conf example):

<Directory /docroot>
    php_admin_value open_basedir /docroot
</Directory>

If you run the same script.php with this open_basedir setting then
this is the result:

Warning: open_basedir restriction in effect. File is in wrong directory in /docroot/script.php on line 2
2) the description of open_basedir
open_basedir string
Limit the files that can be opened by PHP to the specified
directory-tree.
When a script tries to open a file with, for example, fopen or gzopen,
the location of the file is checked. When the file is outside the
specified directory-tree, PHP will refuse to open it. All symbolic
links are resolved, so it's not possible to avoid this restriction
with a symlink.
The special value . indicates that the directory in which the script
is stored will be used as base-directory.
Under Windows, separate the directories with a semicolon. On all other
systems, separate the directories with a colon. As an Apache module,
open_basedir paths from parent directories are now automatically
inherited.
The restriction specified with open_basedir is actually a prefix, not
a directory name. This means that "open_basedir = /dir/incl" also
allows access to "/dir/include" and "/dir/incls" if they exist. When
you want to restrict access to only the specified directory, end with
a slash. For example: "open_basedir = /dir/incl/"
Note: Support for multiple directories was added in 3.0.7.
The default is to allow all files to be opened.
---- end excerpt ----
That should take care of jumping directories.
Links of Interest
Apache Today -- Good resource for setting up servers for PHP and other
things
http://apachetoday.com/
Particularly look at these links on the same site.
High-Risk Apache Exploit Circulating
http://apachetoday.com/story/2002-06-21-001-01-SC-HE-SW.html
Vulnerability in Apache for Win32 batch file processing
http://apachetoday.com/news_story.php3?ltsn=2002-03-22-001-06-SC-CY-AD
Apache 1.3 Security Fix Available for Win32/OS2 users
http://apachetoday.com/news_story.php3?ltsn=2001-05-13-002-06-SC-AD
PHPBuilder.com Tips and Quickies
http://www.phpbuilder.com/tips/
PHP:Servers-Apache - Manual
http://www.php.net/manual/en/install.apache.php
Thanks for the question and good luck on the hosting business.
webadept-ga |
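As an added illustration (not part of the answer above and not PHP's own source), the following Python model applies the open_basedir rules exactly as the quoted manual text states them: prefix matching, the trailing-slash fix, the "." value, the colon/semicolon separators, and symlink resolution. The symlink table and file paths are constructed for the example; real PHP resolves against the actual filesystem.

```python
"""Model of the documented open_basedir semantics (illustration only)."""
import posixpath

# Constructed symlink table standing in for the real filesystem:
# /docroot/uploads/etc is a symlink that points at /etc.
SYMLINKS = {"/docroot/uploads/etc": "/etc"}


def resolve_path(path, symlinks=SYMLINKS):
    """Normalise '..' segments and follow the constructed symlinks,
    mirroring the manual's 'all symbolic links are resolved' rule."""
    p = posixpath.normpath(path)
    for link, target in symlinks.items():
        if p == link or p.startswith(link + "/"):
            p = target + p[len(link):]
    return posixpath.normpath(p)


def split_basedirs(value, windows=False):
    """Split an open_basedir value: ';' on Windows, ':' elsewhere."""
    sep = ";" if windows else ":"
    return [entry for entry in value.split(sep) if entry]


def is_allowed(path, open_basedir, script_dir="/", windows=False):
    """Return True if opening `path` would pass the open_basedir check.

    Each entry is compared as a string prefix of the resolved path, so
    '/dir/incl' also admits '/dir/include'; ending the entry with a
    slash pins it to that directory.  '.' means the script's directory.
    """
    target = resolve_path(path)
    for entry in split_basedirs(open_basedir, windows):
        if entry == ".":
            entry = script_dir.rstrip("/") + "/"
        if target.startswith(entry):
            return True
    return False


if __name__ == "__main__":
    # The pitfall from the manual: a prefix without a trailing slash.
    print(is_allowed("/dir/include/x.php", "/dir/incl"))   # True
    print(is_allowed("/dir/include/x.php", "/dir/incl/"))  # False
    # Symlink under the docroot is resolved before the comparison.
    print(is_allowed("/docroot/uploads/etc/passwd", "/docroot/"))  # False
```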