0

I've a web server with CentOS and DirectAdmin. I found that PHP is allowed to ignore the virtual host DocumentRoot. For example, the following code:

<?php print_r(scandir('/')); ?>

Results in a listing of the root directory of the server.

Could it be related to SuPHP and the PHP script running with user privileges (which is of course allowed to list the root directory)? How can I avoid it and set a path for the PHP / directory? I would love to have / pointing to the virtual host DocumentRoot or, even better, the user home folder.

Zagorax

2 Answers

1

You could try looking to chroot the webserver; something like this may work for what you need.

http://www.redhat.com/mirrors/LDP/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap29sec254.html

0

PHP scripts aren't chrooted by default, and so accessing / is expected. You need to specifically configure PHP to chroot scripts if you want this behaviour. How you go about doing this depends on the webserver and how you execute PHP.

mgorven
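A check built on the question's scandir('/') test, added here as an example (not code from the question or from either answer): it reports the SAPI, effective UID, open_basedir setting and whether the listing of / looks like the host's real root, so the result can be compared before and after a chroot is configured. The marker directory names, the threshold of 5 and the function names are assumptions chosen for illustration.

```php
<?php
// Added example: report how confined the current PHP process is.
// Assumed heuristic: directory names found in a typical Linux host root.
const HOST_ROOT_MARKERS = ['bin', 'boot', 'etc', 'home', 'proc', 'root', 'usr', 'var'];

/**
 * Classify a listing of "/" as seen by the script.
 * $entries is the return value of scandir('/'): an array, or false on failure.
 */
function classify_root_view($entries, string $openBasedir): string
{
    if ($entries === false) {
        // scandir() fails when open_basedir excludes "/" or "/" is unreadable.
        return $openBasedir !== '' ? 'blocked-by-open_basedir' : 'unreadable';
    }
    $seen = array_intersect(HOST_ROOT_MARKERS, $entries);
    // Most marker directories visible: the script sees the real system root.
    return count($seen) >= 5 ? 'host-root-visible' : 'restricted-view';
}

function confinement_report(): array
{
    $openBasedir = (string) ini_get('open_basedir');
    // Suppress the warning scandir() raises on failure; false is handled above.
    $entries = @scandir('/');
    return [
        'sapi'          => PHP_SAPI,
        'euid'          => function_exists('posix_geteuid') ? posix_geteuid() : null,
        'open_basedir'  => $openBasedir === '' ? '(not set)' : $openBasedir,
        'document_root' => $_SERVER['DOCUMENT_ROOT'] ?? '(not set)',
        'root_view'     => classify_root_view($entries, $openBasedir),
    ];
}

// Constructed sample listings, to show both outcomes without touching the filesystem.
$hostLike   = ['.', '..', 'bin', 'boot', 'dev', 'etc', 'home', 'lib', 'proc', 'root', 'usr', 'var'];
$chrootLike = ['.', '..', 'public_html', 'tmp', 'logs'];
printf("sample host listing:   %s\n", classify_root_view($hostLike, ''));
printf("sample chroot listing: %s\n", classify_root_view($chrootLike, ''));

// Actual state of this process.
foreach (confinement_report() as $key => $value) {
    printf("%-14s %s\n", $key, var_export($value, true));
}
```

Run it through the web server rather than the CLI, since the CLI uses a different SAPI and user than the virtual host does.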