Bug in site isolation settings in Plesk 11.5 (IMPORTANT)

[Thomas Becker]

---------------------------------------------------------------
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
11.5.30 Update #2, CentOS 6.4 (Final) x64

PROBLEM DESCRIPTION
Site isolation settings don’t have any effect.

STEPS TO REPRODUCE
Configure the following in site_isolation_settings.ini:

php = on
php_handler_type = fastcgi

Create a service plan without the permission for "Setup of potentially insecure web scripting options that override provider's policy".
Create a customer with subscription and assign the service plan.

ACTUAL RESULT
The customer is able to switch between “CGI-Application”, FastCGI-Application and “Apache-Module”.

EXPECTED RESULT
Customer should not have the permissions to switch the "PHP support".

ANY ADDITIONAL INFORMATION

--------------------------------------------------------------

 

[IgorG]

I can't reproduce it. I have created file /usr/local/psa/admin/conf/site_isolation_settings.ini with content:

php = on
php_handler_type = fastcgi

and created corresponding Service Plan. Then I created customer with subscription based on this Service Plan. When customer login to Plesk he can't change php_handler in hosting settings.

 

[Thomas Becker]

Thanks Igor,
I checked it again. Now the site isolation settings seem to have an effect. I guess there was a bugfix in an MU after 11.5.30 #2.

 

[Thomas Becker]

Solution see this post:
http://talk.plesk.com/threads/site_isolation_settings-for-php_handler_type-are-ignored.330315/

Source of the problem are the service plan add-ons.
When you create a new add-on under permissions tab the option "Setup of potentially insecure web scripting options that override provider's policy" is greyed out but the option is checked by default.
As the option is greyed out the administrator may can think that the option is not active but it is.