I'm going to have a web-hosting-alike service. I'll give each user a folder for them to upload php web pages they want. For example, I open: /user/best_julie/ for User 1, /user/jack/ for User 2, /user/tom4392/ for User 3, and /user/gogojim/ for User 4. But since I allow them to upload *.php files, They might be able to control files outside their folder. How can I prevent that? I hope they'll be able to control files inside their folder only.
How will they be uploading the files? If they have their own seperate account on the server they wont be able to access anything out of their home directory. If they are sharing an account then they will have full access to everything in the account.
Generally they should not be able to access other files outside their account until the tiles and folders are shared. But you can restrict to execute any file outside their account using open_basedir restriction in php.ini. Kailash