Home/ Questions/Q 8436727
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T07:15:40+00:00

I have an Amazon ec2 instance (linux). I’d like you (yes, you) to be

  • 0

I have an Amazon ec2 instance (linux).

I’d like you (yes, you) to be able to upload a PHP file and then serve it live on http://www.mydomain.com/yourname. I’d also like to be able to do this for numerous other people (www.mydomain.com/theirname).

I’m worried that you (or they, let’s not point fingers) could do malicious things (purposefully or accidentally). For example, an infinite loop, reading/writing outside of one’s root directory, taking the server down, running system commands, etc. This is what I would try if I wanted to be malicious.

Is there any way to set up PHP/apache/user permissions, or maybe search through their code before serving it, so that being malicious would at least be much, much harder?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Among other things, you’ll definitely want to adjust your PHP.ini to include this:

    disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

    This will prevent the execution of those functions within any PHP files that utilize this .ini

    I would also enable open_basedir support to lock down users to within their own directories so they can’t use something like:

    require_once '../../another_user/index.php';

    or

    $notMyFile = file_get_contents('../../another_user/config.php');

    • 0