complete usage of Setup a per-user php.ini

If PHP_INI_SCAN_DIR is set, PHP scans that whole directory (though not recursively) for .ini files. However well you protect your custom php.ini, a user who can write to that directory can create e.g. hack.ini and override those settings.

We are using a customized version of your bash script. It supports a per-user temp directory as well.

Code:

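#!/bin/sh

# $username is expected in the environment (DirectAdmin sets it for its
# custom scripts); abort if it is empty so the rm -rf calls below never
# run against the wrong path
[ -n "$username" ] || exit 1

# create custom temp directory
rm -rf "/home/$username/tmp"
mkdir -p "/home/$username/tmp"
chown -R "$username:$username" "/home/$username/tmp"
chmod 755 "/home/$username/tmp"

# create custom php.ini
# (clear the immutable flag first in case this script has run before,
# otherwise rm -rf cannot remove the old directory)
chattr -i "/usr/local/directadmin/data/users/$username/php/" 2>/dev/null
rm -rf "/usr/local/directadmin/data/users/$username/php/"
mkdir "/usr/local/directadmin/data/users/$username/php/"
chown "$username:$username" "/usr/local/directadmin/data/users/$username/php/"
touch "/usr/local/directadmin/data/users/$username/php/php.ini"
echo "open_basedir = /home/$username/:/tmp/:/var/www/html/" >> "/usr/local/directadmin/data/users/$username/php/php.ini"
echo "upload_tmp_dir = /home/$username/tmp/" >> "/usr/local/directadmin/data/users/$username/php/php.ini"
echo "session.save_path = /home/$username/tmp/" >> "/usr/local/directadmin/data/users/$username/php/php.ini"
chown root:root "/usr/local/directadmin/data/users/$username/php/php.ini"
# make the directory immutable so no further .ini files can be added to it
chattr +i "/usr/local/directadmin/data/users/$username/php/"

exit 0;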

We're using chattr +i to make the directory immutable, so no files can be added to or removed from it. This limits maintenance a tiny bit, but increases security. Because an immutable directory cannot be deleted, the following is needed for the removal of a user:

Code:

touch /usr/local/directadmin/scripts/custom/user_destroy_pre.sh 
chmod 755 /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
nano /usr/local/directadmin/scripts/custom/user_destroy_pre.sh

Add the following code:

Code:

#!/bin/sh
# remove the immutable flag so the user's data directory can be deleted
chattr -i "/usr/local/directadmin/data/users/$username/php/"

exit 0;

Make sure it's accessible:

Code:

chmod +x /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
chown diradmin:diradmin /usr/local/directadmin/scripts/custom/user_destroy_pre.sh

The httpd templates should be changed accordingly:

Code:

|*if SUPHP="1"|
        SetEnv PHP_INI_SCAN_DIR /usr/local/directadmin/data/users/|USER|/php/
|*endif|

Open /etc/httpd/conf/httpd.conf and change the following (within the /var/www/html/ directory configuration):

Code:

 <IfModule mod_suphp.c>
      suPHP_Engine On
      suPHP_UserGroup webapps webapps
 </IfModule>

To:

Code:

 <IfModule mod_suphp.c>
      suPHP_Engine On
      suPHP_UserGroup webapps webapps
      SetEnv PHP_INI_SCAN_DIR
 </IfModule>
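
To verify that the protection described above actually holds on a server, the following added example (not part of the original page) audits a per-user scan directory: it flags any .ini file other than php.ini, a php.ini that is not owned by root or is writable by group/others, and a directory without the immutable flag. It assumes GNU stat and lsattr; EXPECTED_OWNER and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat and lsattr.
# EXPECTED_OWNER is a hypothetical override, useful when testing as non-root.
EXPECTED_OWNER="${EXPECTED_OWNER:-root}"

# Print one finding per line for a scan directory; print nothing if it is clean.
audit_scan_dir() {
    dir="${1%/}"
    [ -d "$dir" ] || { echo "$dir: missing"; return 0; }

    # PHP loads every .ini file in the scan dir, so anything besides php.ini
    # can override it. Dotfiles are included to be conservative.
    for f in "$dir"/*.ini "$dir"/.*.ini; do
        [ -e "$f" ] || continue
        [ "${f##*/}" = "php.ini" ] || echo "$dir: extra ini file ${f##*/}"
    done

    ini="$dir/php.ini"
    if [ -f "$ini" ]; then
        owner=$(stat -c %U "$ini")
        mode=$(stat -c %a "$ini")
        [ "$owner" = "$EXPECTED_OWNER" ] || echo "$dir: php.ini owned by $owner"
        # write bit (2) set in the group digit or in the other digit
        case "$mode" in
            *[2367]?|*[2367]) echo "$dir: php.ini mode $mode is group/world-writable" ;;
        esac
    else
        echo "$dir: php.ini missing"
    fi

    # The directory should carry the immutable flag set by chattr +i.
    attrs=$(lsattr -d "$dir" 2>/dev/null | cut -d' ' -f1)
    case "$attrs" in
        *i*) ;;
        *) echo "$dir: immutable flag not set" ;;
    esac
}

# Audit every user directory under the path used on this page.
audit_all() {
    for d in /usr/local/directadmin/data/users/*/php; do
        audit_scan_dir "$d"
    done
}

if [ "${1:-}" = "--all" ]; then audit_all; fi
```

Run it as root with `--all`; any output line is a directory that needs attention.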
 
php/usage.txt · Last modified: 2010/03/01 16:30 by muscardin
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported