security - Properly Set Permission to /home/user folder for webserver -

security - Properly Set Permission to /home/user folder for webserver -

i'm setting own linux server running centos 6. know basic commands etc. don't have much experience apache/php security although have lot of experience php on itself.

so, test security on server wrote php script acts sort of "navigator". can go 1 directory up, open files, etc. etc.

the problem is, tools allows me go till "/" , not happy this. although apache beingness run "nobody" seems can reach every folder , file on whole server.

i tried solve cpanel did it, since don't have cpanel don't know how done.

basically have this:

/home/account/public_html /home/anotheraccount/public_html

i want create "anotheraccount" can not access files of "account". love "anotheraccount" can't outside it's own directory!

yes, know thinking: install suphp/fastcgi/suexec, can't because eating resources. know it's possible without installing either 1 of them! uploaded script professional yet not known webhost , able go within / it, not within home directories except own. /home/ listed empty!

how secure home folders?

you can utilize open_basedir directive in php.ini restrict script directory, see documentation.

if want different sites have different restrictions php instances must have different values of open_basedir, can set in apache on per-virtual-host basis. see this question in stack overflow more details.

however, note open_basedir not apply external commands executed using system() , friends. if want safe best move on running several instances of php-fpm different users or using suphp. 1 of answers this question contains explanation of how set ownerships , permissions allow users access own files.

security permissions centos public-html