Hello,

I am sharing my webserver with a few people and I am trying to create some sort of an admin panel for them. It has to be able to change Apache VirtualHosts and reload Apache. Now I can make the config-changing PHP code, but there are 2 Apache-related problems.

  • I want only my script / all scripts from my VirtualHost to be able to write to a specific directory. So I don't want other people to be able to write a simple PHP script to bypass my config script screw around with Apache config/
  • I want only my script / all scripts from my VirtualHost to be able to reload Apache (through a shell command). Again, I don't want other scripts to be able to do this.

Running Apache 2.2 with PHP 5.3/5.4 (not really sure) on Debian Squeeze Linux.

Not sure if this is the right place for this stuff, sorry.

-Lukas

Member Avatar

LastMitch

I am sharing my webserver with a few people and I am trying to create some sort of an admin panel for them

What do you mean by that? I mean you can create login pages for each people.

Are you talking PHPMYADMIN?

No, not PHPMyAdmin. I'm trying this:

They (my clients) each have their own webspace, /home/username/www/domainname.com.
And let's say an other user has the webspace /home/otheruser/www/otherdomain.com.
If I was username and I would create a file upload script, I would give Apache folder permissions for /home/username/www/domainname.com/uploads.
But otheruser could then easily access/change the files in /home/username/www/domainname.com/uploads through a PHP script.
So my idea was to make it possible for the users to grant only specific domains or something like that access to a folder.

I can't update the damn question! Aargh!

Member Avatar

LastMitch

So my idea was to make it possible for the users to grant only specific domains or something like that access to a folder.

You can create a login page to that folder.

I wouldn't touch the Apache folder permission. I can't recommend something like.

If the folder have webpage and also images or other stuff you can create a login page and put it in the folder.

So if a person who want to sign in to the folder, all that person needs to do is to login.

I use a PHP script to upload files to the folder. Using something like a .htaccess password protection won't allow me to do that.

I am using a PHP script to upload files. Now, I want to prevent other people on my server to do that with a PHP script (because Apache uses one user for all websites).

No, that's not what I'm looking for. When I give Apache folder write permissions, every domain on that server can write to the folder. BUT ONLY MY SCRIPTS ON MY DOMAIN SHOULD BE ABLE TO DO THAT!!!

The problem here is that the PHP user on Apache already has rights to all those folders. This is not easily solved. If you want I can move this to the linux forum, perhaps someone there knows a way.

Please refrain from shouting.