After I upgraded to Custombuild 2.0 and installed Apache 2.4 and PHP 5.5 with mod_fcgid I noticed that users can access other's files. For example:
Disabling exec() and all other functions is not an option, they are used by customers.
Users can also list which other users are present on the server:
I searched a lot, but cannot find a solution for these two problems. Who can help me?
PHP:
<?php
exec('ls -l /home/otheruser/domains/domain.com/public_html', $result);
echo '<pre>';
print_r($result);
echo '</pre>';
?>
Disabling exec() and all other functions is not an option, they are used by customers.
Users can also list which other users are present on the server:
PHP:
<?php
exec('ls -l /home', $result);
echo '<pre>';
print_r($result);
echo '</pre>';
?>
I searched a lot, but cannot find a solution for these two problems. Who can help me?