Web Hosting Talk

security for files and directory


mancu
09-17-2001, 02:45 AM
CGI is powerful for web programming.
The other side of CGI is that it is very dangerous.

A virtual host user on the same server can write a CGI program that reads other users' source code, DB and ...

If chmod 750 or 770 is set on a PHP file, this file can't be included by others, because it can't be read.


How can I block CGI from reading other users' directories?

--Admin--

Jm4n
09-17-2001, 09:49 AM
Two words:

- Apache
- suexec

Using Apache's suexec wrapper runs all user scripts under the privileges of that user. Using this, along with proper file/directory permissions on the server, ensures users can't do anything in a script that they can't do anyway.

PHP has safe_mode, which prevents access to files not owned by the user. Couple this with an open_basedir set to the user's home directory, and you've locked down PHP as well.

Users should never be able to view other users' files, period. Using suexec, PHP's safe_mode and open_basedir features, and having proper permissions on files/directories, you can effectively lock down the system without sacrificing functionality for your users.

Hope this helps.
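
The permission side of this advice, as an added example that is not part of the original post or Apache's own code: it applies a simplified subset of the checks suexec is documented to perform on a CGI script, and lists files whose mode grants read access to other accounts. The sample home directory, file names and modes are constructed.

```python
import os
import stat
import tempfile

def suexec_style_problems(script, uid, gid):
    """Reasons a suexec-like wrapper would refuse to run `script` as uid:gid."""
    st = os.lstat(script)
    parent = os.stat(os.path.dirname(os.path.abspath(script)))
    problems = []
    if (st.st_uid, st.st_gid) != (uid, gid):
        problems.append("owner/group differs from target user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("script writable by group or others")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("script is setuid/setgid")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("directory writable by group or others")
    return problems

def exposed_to_other_users(root):
    """Paths under `root` whose mode grants read access to 'other'."""
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.lstat(path).st_mode & stat.S_IROTH:
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)

def build_sample_home():
    """Constructed sample home directory (hypothetical names and modes)."""
    home = tempfile.mkdtemp(prefix="alice-")
    layout = {"cgi-bin/ok.cgi": 0o700,     # private, still runs under suexec
              "cgi-bin/loose.cgi": 0o777,  # anyone can rewrite it
              "db.inc": 0o644}             # DB settings readable by everyone
    os.mkdir(os.path.join(home, "cgi-bin"))
    os.chmod(os.path.join(home, "cgi-bin"), 0o711)
    for rel, mode in layout.items():
        path = os.path.join(home, rel)
        open(path, "w").close()
        os.chmod(path, mode)
    return home

if __name__ == "__main__":
    home = build_sample_home()
    me, grp = os.getuid(), os.getgid()
    for name in ("ok.cgi", "loose.cgi"):
        script = os.path.join(home, "cgi-bin", name)
        print(name, suexec_style_problems(script, me, grp) or "would run")
    print("readable by other users:", exposed_to_other_users(home))
```

Because suexec runs the script as its owner, a file such as the constructed `db.inc` can be tightened to mode 600 and still be read by that user's own scripts.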

mancu
09-17-2001, 10:41 PM
Thanks,

How do I use suEXEC, or where is an article to guide using and configuring suEXEC?

Thanks

mikeknoxv
09-18-2001, 06:47 AM
http://httpd.apache.org/docs/suexec.html