We're trying to get our LAMP (Linux, Apache, MySQL, PHP) application up and running on a mutualised server. We are running into problems getting the security in place.
Everyone tells us not to put our directories under the web server document root, and to limit the user to files in his/her root structure.
See, for example, the article called "Securing a PHP Installation" at ONLamp.com:
http://www.onlamp.com/pub/a/php/200.../php_admin.html
To follow the "classic" advice (such as given in the ONLamp article), we would like to change safe mode, doc_root, user_dir ...
However, as we are running on a MUTUALISED server, we cannot change the php.ini manually, and neither can we change php.ini dynamically from within a PHP script using ini_set.
(And we can't follow the approach of running PHP as a CGI either, which is the other "classic" advice.)
What is the recommended way to do security on a mutualised server? We're kinda lost.