In order to set up my server correctly (using IIS 5, PHP 4.1 as ISAPI) and offer PHP services to the people who have some small virtual websites hosted on that machine, I ran into the following problem.

The per-directory settings that can be set through the registry do not allow me to restrict 'open_basedir'. I can only set it through the system-wide PHP.INI in %WINDOWS%\PHP.INI. This means I am left with the only option to set aside a tree on the server and set the global open_basedir to that tree. At least my users won't have access to all the disks. But they will share a common tree. And that is not a very good idea for privacy purposes.

Of course I admit I depict a situation a little bit darker than in real life. The IUSR_... user (identity under which IIS runs) does not have access to many things on the system, so basically I can restrict people from going everywhere by carefully setting the file system access lists. But it would be so easy and comfortable to be able to preset all these websites to distinct, clearly isolated subtrees by virtue of 'open_basedir'.

I first thought it was a bug. Then I found the following page: <http://www.php.net/manual/en/function.ini-set.php> which states that 'open_basedir' is a 'PHP_INI_SYSTEM' setting.

Conceptually, what was the intent? On Apache, if I had some per-directory settings in the httpd.conf file, are those considered SYSTEM settings or per-directory settings for this purpose? What do system administrators do with Apache (and IIS) to restrict users (who have rights to maintain one virtual website) from using PHP scripts to access any info outside of some clearly defined world? Isn't that what open_basedir is all about in the first place, and don't you have the feeling it is defeated by not being updatable on a per-directory level by the administrator?

The funny thing is that the PHP.INI file has the following comment about open_basedir:

; open_basedir, if set, limits all file operations to the defined directory
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file.

Yep, but at least with the way the per-directory settings are implemented on Win32, that intent is defeated. Do you think this should be logged as a bug?

--
Olivier Mascia