

Ubuntu - Prevent Linux/Apache users from listing anything but their home directory with PHP


Long story short, I'm in the early stages of building a small web hosting server. When I create a new site for a customer this happens:
- A new Linux user is created with a home directory and /sbin/nologin
- The user is added to group sftpusers
- A public_html is created in the user's home directory
- A new Apache Vhost is created
- The site is started and the process is running as the new Linux user using mpm-itk and AssignUserId
All well so far. The user can only SFTP in to the home directory and put his files there. The user can't navigate outside the home directory when using an SFTP client like WinSCP or similar.
The problem is that they can list stuff outside the home dir with a bit of PHP. This will list everything in /etc/:

    // Runs as the site's Linux user, so it can read anything that user can read
    $scan = scandir('/etc');
    foreach ($scan as $i) {
        echo $i;
    }

This is my problem and it needs to be dealt with, but I don't really know how.
My /etc/ssh/sshd_config:

    Subsystem sftp internal-sftp
    Match Group sftpusers
        ChrootDirectory /home/%u
        ForceCommand internal-sftp
        AllowTCPForwarding no
        X11Forwarding no

Please let me know if additional information is needed.
Solved this by using open_basedir
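
One way to apply open_basedir in the provisioning step described in the question, as an added example that is not part of the original post. The function name, the ServerName argument, the per-user tmp directory and the assumption that each user's primary group has the same name as the user are all hypothetical.

```shell
#!/bin/sh
# Added example: render a per-customer Apache vhost (mod_php + mpm-itk)
# that confines PHP file access to the customer's home directory.
# Assumed layout (not from the post): /home/<user>/public_html, /home/<user>/tmp

render_vhost() {
    local LC_ALL=C
    local user="$1" domain="$2"

    # Reject names that could escape /home/<user> or inject extra directives.
    case "$user" in
        ''|*[!a-z0-9_-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    case "$domain" in
        ''|*[!a-z0-9.-]*) echo "invalid domain" >&2; return 1 ;;
    esac

    local home="/home/$user"
    cat <<EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot $home/public_html
    AssignUserId $user $user

    # php_admin_value cannot be overridden from .htaccess or ini_set().
    # The trailing slash matters: without it open_basedir is a prefix match,
    # so /home/bob would also permit /home/bobby.
    php_admin_value open_basedir "$home/"

    # Uploads and sessions default to /tmp, which is now outside the
    # allowed tree, so point them inside the home directory.
    php_admin_value upload_tmp_dir "$home/tmp"
    php_admin_value session.save_path "$home/tmp"
</VirtualHost>
EOF
}

# Constructed sample invocation
render_vhost alice alice.example.test
```

open_basedir only governs PHP's own file functions such as scandir() and fopen(); programs started through exec() or system() are not bound by it, so file permissions on the host still matter.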
