• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

cancelling the effect of SuexecUserGroup

M

mlcprs

Guest
Hi,

As a Plesk, VPS and Apache beginner, I need to change the server configuration on Plesk such that the effect of the SuexecUserGroup directive is removed, so the user's cgi scripts run as the apache user (www-data), rather than as the user specified in that directive (the domain user), just like on an unshared (non-VPS) server. I don't care about security from other domains because only one domain runs on it anyway, so making the user domain-specific is irrelevant from a security point of view and stops some of the user's code working.

This directive is found in httpd.include
and is:
SuexecUserGroup user psacln
(this line appears twice, for ports 443 and 80)

I understand that this file can't be modified, as it may be overwritten by Plesk. Therefore additional directives must go in the vhost.conf file.

I tried creating the following vhost.conf file in the hope it would override the directives in httpd.include. Is it even possible to override it? The server will effectively see two conflicting SuexecUserGroup directives. Also I'm not sure it will be happy with a repeat of the VirtualHost directive.

<VirtualHost 1.2.3.4:443>
SuexecUserGroup www-data www-data
</VirtualHost>
<VirtualHost 1.2.3.4:80>
SuexecUserGroup www-data www-data
</VirtualHost>

Anyway, the effect of this was to stop Apache running.
I'd be grateful for any advice from someone who knows something about Apache configuration and suexec.

Regards,
Peter
 
Strange. It should be overrided without any problems.
I have tried:

[root@cos5skx ~]# cat /var/www/vhosts/test.domain.com/conf/vhost.conf
SuexecUserGroup psaadm psacln

and restarted Apache without any problem. You can check Apache configuration with 'apachectl -t' before restarting. But note, that if you have created new vhost.conf - you should run '/usr/local/psa/admin/bin/websrvmng -v -a' after that.
 
Thanks very much for your reply, Igor.

I did /usr/local/psa/admin/bin/websrvmng -a (without the -v you suggest), but it must have worked or it would have ignored my vhost.conf rather than causing an incorrect Apache config.

Thanks for the tip on checking Apache config with 'apachectl -t'.

Does your vhost.conf only contain that one line
SuexecUserGroup psaadm psacln
or does it appear within other directives? I'm wondering if the VirtualHost directives are upsetting it. The reason I included them is because the SuexecUserGroup directive appears nested within the VirtualHost directive in the httpd.include file, so I just duplicated that structure.

Thanks again.
Peter
 
mlcprs said:
Does your vhost.conf only contain that one line
SuexecUserGroup psaadm psacln
or does it appear within other directives? I'm wondering if the VirtualHost directives are upsetting it. The reason I included them is because the SuexecUserGroup directive appears nested within the VirtualHost directive in the httpd.include file, so I just duplicated that structure.
Click to expand...
Hi,

Did you get it to work?
 
No, I didn't do any further experiments, and my client decided to change to a non-Plesk server, partly due to the poor support they got on the Plesk VPS, but for other reasons as well.
 
You must log in or register to reply here.

Similar threads

TimReeves
Resolved Webmail - PHP not working, file downloaded not executed
Replies
2
Views
2K
aslotta
aslotta
jhernanper
Issue Unable to install SuiteCRM: Symfony Runtime Exception. Tried everything - desperate
Replies
1
Views
3K
Maarten.
M
duy13
[AntiDDoS] for Plesk Panel with vDDoS Proxy Protection
Replies
0
Views
2K
duy13
duy13
J
Resolved ServerAlias directive not working correctly after apache update?
Replies
1
Views
2K
johnrdorazio
J
M
Issue Is this a bug? psadm_users DENY permissions coming back?
Replies
2
Views
946
M_N
M
Back
Top