I work with the systems administration at a university and just stumbled across something which is probably common, but was quite a shock to me.
All public_html directories and web areas are stored on AFS, with read permissions for the web servers. Since users are allowed to have PHP scripts in their public_html, this means that they can access each other's files from within PHP (and the main web files!).
Not only does this render any .htaccess password protection completely useless, it also allows users to read PHP source files containing MySQL database passwords and similar sensitive information. Or, if they find that other people have directories where the web servers have write access (e.g. for personal logs or to save submitted form data), they can store files in those accounts.
A simple example:
<?php
// Runs with the web server's read access, so it can print another user's file.
header("Content-type: text/plain");
print file_get_contents("/afs/example.com/home/smith/public_html/.htpasswd");
?>
Is this a common problem? And how do you typically solve it?
UPDATE:
Thanks for the input. Unfortunately, it seems there is no simple answer. In a big shared environment such as this, users should probably not be given this much choice. The best approach I can think of is to set "open_basedir" in the main configuration for all "public_html" directories, run suPHP and only allow clean PHP (no CGI scripts, running external commands with backticks, etc.).
Changing the policy like this would break a lot of things though, and quite possibly make users grab their pitchforks and chase us... I will discuss it with my colleagues and update here if we make a decision on how to change the setup.
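
Added example, not part of the original post: a Python sketch that generates one Apache `<Directory>` block per user with its own `open_basedir`, and models which reads that value would permit. It assumes mod_php (where `php_admin_value` is honoured in `<Directory>` blocks); the user list and the helper names are constructed for illustration.

```python
import posixpath

HOME_ROOT = "/afs/example.com/home"  # path layout taken from the post's example
USERS = ["smith", "jones"]           # constructed sample accounts


def web_root(user):
    return posixpath.join(HOME_ROOT, user, "public_html")


def directory_block(user):
    """Apache <Directory> block pinning PHP file access to one user's web area."""
    root = web_root(user)
    # PHP's manual advises ending the value with a slash so that it names
    # exactly this directory.
    return (
        f'<Directory "{root}">\n'
        f'    php_admin_value open_basedir "{root}/"\n'
        "</Directory>\n"
    )


def render(users=USERS):
    # One block per user: a single shared value covering all of HOME_ROOT
    # would still let every script read every other user's web area.
    return "\n".join(directory_block(u) for u in users)


def allowed(path, open_basedir):
    """Simplified model of the open_basedir check: collapse '..' segments and
    test whether the path lies inside one of the colon-separated directories.
    PHP itself also resolves symlinks, which this model does not."""
    target = posixpath.normpath(path)
    for base in open_basedir.split(":"):
        base = posixpath.normpath(base)
        if target == base or target.startswith(base + "/"):
            return True
    return False


if __name__ == "__main__":
    print(render())
    jones_basedir = web_root("jones") + "/"
    for p in (web_root("jones") + "/index.php",
              web_root("smith") + "/.htpasswd",
              web_root("jones") + "/../../smith/public_html/.htpasswd"):
        print("allow" if allowed(p, jones_basedir) else "deny ", p)
```

The restriction covers PHP's own file functions only, which is why the post pairs it with disallowing CGI scripts and external commands.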