Complete usage of "Setup a per-user php.ini"

If PHP_INI_SCAN_DIR is set, PHP will scan the complete directory (though not recursively) for .ini files. You can protect your custom php.ini as much as you want, but a user can still create e.g. hack.ini in that directory and override those settings.

We are using a customized version of your bash script. It supports a per-user temp directory as well.

Code:

#!/bin/sh

# $username is expected in the environment; stop if it is empty so the
# rm -rf lines below cannot act on paths such as /home//tmp
[ -n "$username" ] || exit 1

# create custom temp directory
rm -rf "/home/$username/tmp"
mkdir -p "/home/$username/tmp"
chown -R "$username:$username" "/home/$username/tmp"
chmod 755 "/home/$username/tmp"

# create custom php.ini (root-owned, so the user cannot edit it)
rm -rf "/usr/local/directadmin/data/users/$username/php/"
mkdir "/usr/local/directadmin/data/users/$username/php/"
chown "$username:$username" "/usr/local/directadmin/data/users/$username/php/"
touch "/usr/local/directadmin/data/users/$username/php/php.ini"
echo "open_basedir = /home/$username/:/tmp/:/var/www/html/" >> "/usr/local/directadmin/data/users/$username/php/php.ini"
echo "upload_tmp_dir = /home/$username/tmp/" >> "/usr/local/directadmin/data/users/$username/php/php.ini"
echo "session.save_path = /home/$username/tmp/" >> "/usr/local/directadmin/data/users/$username/php/php.ini"
chown root:root "/usr/local/directadmin/data/users/$username/php/php.ini"
# make the directory immutable so no additional .ini files can be created in it
chattr +i "/usr/local/directadmin/data/users/$username/php/"

exit 0

We're using chattr to protect the directory from outside access. This limits maintenance a tiny bit, but increases security. For the removal of a user the following is needed:

Code:

touch /usr/local/directadmin/scripts/custom/user_destroy_pre.sh 
chmod 755 /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
nano /usr/local/directadmin/scripts/custom/user_destroy_pre.sh

Add the following code:

Code:

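#!/bin/sh
# remove the immutable flag so the user's data directory can be deleted
[ -n "$username" ] || exit 1
chattr -i "/usr/local/directadmin/data/users/$username/php/"

exit 0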

Make sure it's accessible:

Code:

chmod +x /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
chown diradmin:diradmin /usr/local/directadmin/scripts/custom/user_destroy_pre.sh

The httpd templates should be changed accordingly:

Code:

|*if SUPHP="1"|
        SetEnv PHP_INI_SCAN_DIR /usr/local/directadmin/data/users/|USER|/php/
|*endif|

Open /etc/httpd/conf/httpd.conf and change the following (within the /var/www/html/ directory configuration):

Code:

 <IfModule mod_suphp.c>
      suPHP_Engine On
      suPHP_UserGroup webapps webapps
 </IfModule>

To:

Code:

 <IfModule mod_suphp.c>
      suPHP_Engine On
      suPHP_UserGroup webapps webapps
      SetEnv PHP_INI_SCAN_DIR
 </IfModule>
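
The setup above only holds while each scan directory contains nothing but a root-owned php.ini and still carries the immutable flag. The following read-only audit is an added example, not part of the original page; the USERS_ROOT override, the function names and the finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit per-user PHP_INI_SCAN_DIR directories (read-only).
# USERS_ROOT defaults to the path used on this page; override it for testing.
USERS_ROOT="${USERS_ROOT:-/usr/local/directadmin/data/users}"

# Print one finding per line for scan directory $1.
# $2 = uid expected to own php.ini (default 0, i.e. root).
audit_scan_dir() {
    dir="${1%/}"
    want_uid="${2:-0}"

    # PHP reads every *.ini directly inside the directory (no recursion),
    # so any file other than php.ini can override the intended settings.
    for f in "$dir"/*.ini "$dir"/.*.ini; do
        [ -e "$f" ] || continue
        [ "${f##*/}" = "php.ini" ] || echo "EXTRA_INI $f"
    done

    if [ ! -f "$dir/php.ini" ]; then
        echo "MISSING $dir/php.ini"
    else
        uid=$(stat -c %u "$dir/php.ini")
        [ "$uid" = "$want_uid" ] || echo "OWNER $dir/php.ini uid=$uid"
    fi

    # The immutable flag is what stops the directory's owner adding files.
    # lsattr fails where attributes are unsupported; report that separately.
    if attrs=$(lsattr -d "$dir" 2>/dev/null); then
        case "${attrs%% *}" in
            *i*) ;;
            *) echo "NOT_IMMUTABLE $dir" ;;
        esac
    else
        echo "ATTR_UNKNOWN $dir"
    fi
}

# Audit every user's scan directory; a clean directory prints nothing.
audit_all() {
    for d in "$USERS_ROOT"/*/php; do
        [ -d "$d" ] || continue
        audit_scan_dir "$d"
    done
}

audit_all
```

Run it as root; any output line points at a directory that no longer matches the setup described above.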
 
php/usage.txt · Last modified: 2010/03/01 16:30 by muscardin
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported