ZeroErrors

Reputation: 71

How to Stop PHP files editing parent directories with chmod or .htaccess?

I am allowing people to use a directory on my server, but I don't want PHP files or other server-side scripts editing any of the parent directories. Does anyone know how to do this, and whether it is possible with chmod or .htaccess?

I did Google it but could not find anything; I think I may have been looking for the wrong thing.

Upvotes: 0

Views: 619

Answers (3)

Sparkup

Reputation: 3754

Use the open_basedir directive to confine your PHP scripts to their home directory and eventual extra directories. This is very efficient by itself.

Use hardened php because that costs nothing and it can help.

Use suPHP to have PHP scripts execute as the owner of the file (one user per website) and avoid using files with bad permissions such as 777... suPHP can also allow you to have one php.ini per directory so that one person's stupid requirements don't destroy everything.

Mod_security is a big plus but needs to be well used and configured.

Upvotes: 1

Cole

Reputation: 1503

Do you mean, you don't want them to be able to alter your PHP files?

Or you don't want the PHP programs to be able to alter files in this directory?

If it's the first, set the ownership of the files to a different owner and group than the guests are logging in with using chown. Then do chmod go-rwx *php in the folder you want to protect. That will make it so users not in the same group as you + anyone else cannot read, execute or write to those files.

If it's the second case, change the ownership of the files to something other than the account your webserver is running as (try <?php passthru('whoami');?>). Then do the same chmod command as above.

Upvotes: 0

Hyperboreus

Reputation: 32439

Just do not allow the user with whose credentials the PHP scripts are run to alter the parent directory. Chmod the parent directory drwxr-xr-x with a user different to the PHP user. Then give the necessary permissions in the subfolders.

Upvotes: 0
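
A way to check the layout the answers above describe (parent directories owned by an account other than the PHP user, mode drwxr-xr-x), added here as an example and not code from any of the answers. The function name audit_parents, its arguments and the finding labels are hypothetical; it assumes a POSIX sh and find.

```shell
#!/bin/sh
# Added example: audit every directory above a guest directory.
# Usage: audit_parents START_DIR PHP_USER [STOP_DIR]
#   START_DIR  directory handed to guests (its parents are audited)
#   PHP_USER   account (name or numeric uid) that PHP scripts run as
#   STOP_DIR   highest ancestor to audit, default /
# Prints one line per finding; prints nothing when every ancestor is clean.
audit_parents() {
    start=$1 php_user=$2 stop=${3:-/}
    # Resolve symlinks so the real parents are audited.
    dir=$(cd -P "$start/.." && pwd -P) || return 2
    stop=$(cd -P "$stop" && pwd -P) || return 2
    while :; do
        # An owner can always chmod its own directory back to writable,
        # so the PHP account must not own any ancestor.
        if [ -n "$(find "$dir" -prune -user "$php_user")" ]; then
            echo "owned-by-php-user $dir"
        fi
        # drwxr-xr-x has no group or other write bit. Group write is
        # flagged even if PHP_USER is not in the group (conservative).
        if [ -n "$(find "$dir" -prune -perm -0020)" ]; then
            echo "group-writable $dir"
        fi
        if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
            echo "world-writable $dir"
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return 0
}

# Run stand-alone: sh audit.sh /path/to/guest/dir php_user [stop_dir]
if [ "$#" -ge 2 ]; then
    audit_parents "$@"
fi
```

The check reads mode bits and ownership only, so ACLs and the open_basedir setting from the first answer are outside what it reports.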
