1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Apache User / Directory Rights 777

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by MaximilianP, Nov 16, 2010.

  1. MaximilianP

    MaximilianP Guest

    0
     
    Hello everyone,

    i am pretty new to Plesk on Linux so i have a in my eyes quite complicated issue which i don't know how to solve:

    I installed Plesk Panel on Debian which is running quite good so far.
    The only Problem is ttah no matter what application i install on my webspaces
    (Redaxo CMS, phpBB and so on) i alsways have to chmod all directorys an files to 777. Which is security wyse for sure not the best idea.

    A friend of mine said: "The user running the apache service at least has to be in the same group as the ftp user so not every directory has to be put to 777"

    But i have no idea what and how to to it. So any help would be appreciated!

    Regards

    Max
     
  2. lvalics

    lvalics Silver Pleskian Plesk Guru

    36
    43%
    Joined:
    Jun 20, 2003
    Messages:
    965
    Likes Received:
    32
    Location:
    Romania
    You can install mod_suphp and then you do not have this issue.
    Check the tutorial on my signature.
     
  3. Marco Cristofanilli

    Marco Cristofanilli Basic Pleskian

    24
    23%
    Joined:
    Apr 10, 2009
    Messages:
    50
    Likes Received:
    0
    Location:
    Frosinone (Italy)
    You can change php handler from panel and use fastcgi
     
  4. MaximilianP

    MaximilianP Guest

    0
     
    How?

    Thanks for this hintz. Can you give me a short info how this is done?
    Does it have any disadvantages?

    Regards

    Max
     
  5. EduardH

    EduardH Basic Pleskian

    21
     
    Joined:
    Feb 13, 2010
    Messages:
    65
    Likes Received:
    0
    Hello Maximilian,

    Both of previous replies suggest to run PHP as domain system user, so PHP would access files and directories created by FTP w/o problems, it would be possible to forget about insecure 777 permissions etc.

    But if PHP scripts are run as domain user, scripts (in default Plesk settings) can modify any file in web directory. So if a PHP script is developed insecurely, in can modify web directories on the same domain. If safe_mode is on in PHP configuration, it's possible to restrict the directories where PHP scripts can create/modify the data, so this issue can be fixed even on cites containing bad PHP code.

    I would recommend Apache modules mpm-itk or mod_ruid2 with standard PHP module. These two technologies can save memory and CPU resources comparing with suPHP or FastCGI.

    You can see more details at http://forum.parallels.com/showthread.php?t=106297 .

    Let me know if you have any questions.
     
  6. lvalics

    lvalics Silver Pleskian Plesk Guru

    36
    43%
    Joined:
    Jun 20, 2003
    Messages:
    965
    Likes Received:
    32
    Location:
    Romania
    Regarding mpm-itk or mod_ruid2, do you have a test, benchmark made by someone where we can see it is faster?
    To take a decision to move from one solution to an another require this kind of test.
     
  7. EduardH

    EduardH Basic Pleskian

    21
     
    Joined:
    Feb 13, 2010
    Messages:
    65
    Likes Received:
    0
    Hello lvalics,

    It's nice to see your reply here. :)
    I wish your company to develop more add-ons for Plesk!

    Concerning mod_itk and mod_ruid2.
    I liked suPHP in the past, but I was really disappointed when I watched performance degradation and increasing server load after replacing mod_php with suPHP on all domains on Plesk servers. My measures showed that simple PHP code containing "<? phpinfo() ?>" was taken by 6 times more time with suPHP than with mod_php. Probably simpler code like '<? echo 2+2,"\n" ?>' with minimal output would indicate even more difference.

    I have found some results using Google:

    http://blog.stuartherbert.com/php/2008/01/18/using-suphp-to-secure-a-shared-server/

    • suphp: average of 164.677 seconds
    • mod_php: average of 6.422 seconds
    So it's enough to compare PHP module with mpm-itk and mod_ruid2 to have approximate estimation or the difference.

    My current test on Plesk server:

    * The following code was placed to /var/www/vhosts/example.com/httpdocs/id.php :
    <?php $a = posix_getpwuid(posix_geteuid()); echo $a['name'], "\n"; ?>
    This code just prints system user name or a process running PHP code.

    * id.php was called by "curl" web client 1000 times in command line on Plesk server:
    # time for i in `seq 1 1000`; do curl -s http://vanon.com/id.php >/dev/null; done

    The result:

    mpm-itk: 24s
    mod_ruid2: 13s
    mod_php: 13s

    Best regards.
     
  8. lvalics

    lvalics Silver Pleskian Plesk Guru

    36
    43%
    Joined:
    Jun 20, 2003
    Messages:
    965
    Likes Received:
    32
    Location:
    Romania
    Thank you for your reply. We will stay and develop new things for PLESK.

    Regarding your article pointed out, I am in a little doubt it is real :)

    * suphp: average of 164.677 seconds
    * mod_php: average of 6.422 seconds

    See the difference, is not logic to be such a high difference.
    This mean that we have a server right now, running over 300 domains, a lot of Joomla, Wordpress etc and all with mod_suphp, so now the server should work almost 30 times slower? Hmm, not even noticed any difference in running.

    I have reviewed the 2 mod mentioned and indeed, could be an alternative, is not ignorable anything what is on the market, especially that suphp wasn't updated since 2009.

    mpm-itk - same, latest update 2009, no documentation
    mod_ruid2 - 2010, great, but same lack of documentation

    Even if we will review and try it on a test server, it is hard to tell if we will suggest now to replace suphp with ruid2 (which I prefer more then mpm-itk).
    It is my opinion, before doing too many tests, just to read about them.
     
  9. EduardH

    EduardH Basic Pleskian

    21
     
    Joined:
    Feb 13, 2010
    Messages:
    65
    Likes Received:
    0
    > Regarding your article pointed out, I am in a little doubt it is real
    Yes, it looks unreal. I just hoped to see your opinion. I believe that

    T (mod_suphp) = 6 * T(mod_php)

    where T(x) is execution time of small PHP script with Apache module x. For large PHP scripts operating with databases the difference can be lower.

    Concerning a documentation from the authors of modules mpm-itk and mod_riod2:

    mpm-itk: http://mpm-itk.sesse.net/
    mod_ruid2: download from http://sourceforge.net/projects/mod-ruid/files/, extract and read README

    These descriptions are seemed to be very well for developers and system administrators. Also install instructions will be accumulated in our "Run PHP as User" documentation.

    Thanks.
     
Loading...