Results 1 to 2 of 2
  1. #1

    Disable php/cgi/perl or lock user at homedir

    Hello,

    One of my customers is offering hosting as subdomains for his customers.

    This customer has a normal cPanel account with me. Although he is affraid about security because their users can list his public_html or other users dirs with a script like:

    function gera($nova_pasta){
    $pasta = dir($nova_pasta);
    while (false !== ($this = $pasta->read())){
    $path = $nova_pasta.'/'.$this;
    if ($this != '.' AND $this != '..' AND is_dir($path)){
    echo '' .$nova_pasta.''.$this .'
    ';
    gera($path);
    }
    }
    $pasta->close();
    clearstatcache();
    }
    gera('../../');

    He would like to lock users so they cant list public_html and other users dir with a script like the above or disable php/cgi/perl for specific users.
    I have tried the php_flag engine off but I am using suexec + phpsuexec and that wont work with the error:

    Invalid command 'php_flag', perhaps mis-spelled or defined by a module not included in the server configuration

    Do I have any other solution for this ?
    Dedicated Servers, Managed OpenStack Cloud, Colocation and Managed Colocation in Brazil
    Privately owned 10,000 server capacity Data Center
    maxihost.com.br/en
    +1-844-243-9907

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290
    have you looked at openbase_dir ?
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •