Disabling Functions

ryan_c

Hello all,
I doubt that many will have an answer for or will want to answer this question but here it goes.

Situation

I'm on a server: apache
with access to : .htaccess files, not config files

and I have safe mode DISabled (quite the opposite of most problems).

there are other users on my site confined to their own directories through ftp only letting them change files in their own directories and subdirectories, however...

even though they are confined to their own directories and subdirectories in ftp, with safe mode disabled, any (HTTP) php file-manager-type program is able to let the user escape the boundaries of their own site.

This is because with safe mode disabled, execute() and system() functions plus a few others are enabled.

I can't change admin values such as
- disable_functions execute,system
- open_basedir
- safe_mode_exec_dir

etc..

question

So what can I do?
how can I disable these functions in the users directories?

After thinking for a long while, the only kind of makeshift way could be to append or prepend to every page (through auto_append_file etc.) some code that would stop the two functions.

Any ideas?

Thanks to anyone that does.

icaro

do you want that it ISNT to be possible to list/open files in personal ftp directories from apache?
if that is the question and you dont have acess to server configuration, try to remove read permission from that directories and files for users 'other' (if you are in a linux or NT, win2k..)
the apache works as 'other', and if it dont have permission it wont show the files.

ryan_c

I worked out a solution. For anyone wanting to know I just chmod(ed) directories to 701.

Do this to directories that you wish these browser-based PHP file managers not to have access to.