PHP - 1 non-root folder, 1 php file inside. Need to disallow that script from changing anything outside that folder

Question

I am supposed to provide an outside developer with access to our development server - hosted on GoDaddy.

I've created a folder in the root called bid-registration and have a file called bid-registration.php in there. It's all setup with its own database and FTP user.

However, I need a way to make sure the 3rd party developer can't access, create, delete, or modify any file outside of this directory.

How can I go about doing this?

I just need this folder to be a "walled garden".

Thanks very much for any help!

EDIT

I should add that the 3rd party developer currently only has access to this folder via the FTP "root folder" parameter. However, I need to restrict what PHP files in that folder can do. I don't want the PHP files to be able to CRUD outside of that folder.

Something as simple as "../" could start compromising the server, depending on what code he adds/runs in the file I setup for him.

Answer 1

I'm pretty sure it's not possible to do this but it's worth looking to see if selinux can do what you want just in case.

Answer 2

I don't think, that this requirement can be met using PHP on a shared host.

I'd propose to create another host for each partner, put each partner's scripts there and call those scripts using HTTP sub-requests (in case latency isn't too important).

If you are on your own managed server, suPHP might be helpful: http://www.suphp.org/Home.html .

Finally, don't forget that session files need to be protected too: Often in shared hosting environments, session file aren't properly isolated between shared hosts.

Answer 3

Create a FTP account, and set his home directory to that folder. If he has ever developed anything (ever) he will most likely want FTP more the godaddy access.

Here is a godaddy help article on how to do it: http://help.godaddy.com/article/1236
Set the path to the directory you were talking about.