Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi there,
I have like 5 forge servers now with each own clients. I want to add multiple clients on one shared environment but im thinking about restricting write access to each other. I've checked the phpinfo and i see no open_basedir is active. Has Taylor thought about this and is it somehow protected already by adding new sites in the forge dashboard or should i somehow active this myself?
Edit: I've tested it just now by adding 2 sites. I've created a dummy file which i tried to delete with a php command in the other domain. This succeeded. Does anyone know a stabile solution preventing this?
Edit 2: I am doing this because i am hosting Wordpress websites on the server and i want to prevent screwing up the whole server when one of the website gets hacked. Doing all i can to prevent it tho but you never know..
Edit 3: I read open_basedir is depr.. http://www.blog.turmair.de/2010/05/securing-a-php-server-for-shared-hosting-environments/
What is your idea about this?
Thanks in advise!
The setup for Forge is not intended for shared environments.
You'll have to modify the way the server is setup if you want to do something different.
You would probably be better off installing a control panel such as cpanel or plesk rather than using forge as those are targeted at shared environments.
Hmm, okay. But what kind of things makes the difference? I just want to host multiple websites like 2 laravel applications but dont give them write access to each other. I think its a bit of a overload to just install plesk or cpanel for it just to prevent it have write access to each other.
It cant be like this i've just seen.. there must be some prevention executing those commands.
echo file_get_contents('/etc/passwd');
I just get all content of this file. Why??? Why dont we limit it to the home/forge/*
Please or to participate in this conversation.