• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

chroot httpd process

It doesn't matter if it has to be done. Security shouldn't be compromised in order to have better compatibility. I've offered my help, offer still stands.
 
A tactical update to this feature request, a short cut to implementation is to use the Chroot setting in mod_security as a straight DSO. You wouldnt need to make any kind of daemon level change in Apache itself. We've had this capability in Atomic Secured Linux for a few years now, and using this metho, the plesk side of things could just focus on organizing all dependencies that the applications need.
 
As far as i can see noone in Plesk is interested in this. So, bottom line:

1. We know that our setup is not secure
2. We don't mind, because if we make it secure we lose compatibility
3. We won't answear to any questions regarding that

Thank you Plesk guys, you just made my life a lot easier. I will switch to another product first chance i got. Also, i will try to explain to all other sysadmins in the world why not to use Plesk Panel.

Regards,
Igor Smitran
 
Way to be contra-productive there Igor Smitran.


You can't terrorize Parallels into making changes, you have to persuade them with reasonable arguments, like:

- Isolated sites are the only future for "Shared Webhosting", a hybrid of both worlds is needed, services like FortR. and Jel. are already trying to fill this void, I'm sure others are aswell.
- Maintenance should go down due to less manual interventions of sysadmins, thus making happier customers.
- Limitations should be tackled to provide a near identical experience for the end user.
- Security in 2013 should be top priority, looking at the recent exploits and security breaches in Plesk (API privilege escalation), cPanel (leak with helpdesk / File Inclusion in foreign backups) and Linux (0day Local Root Exploit in Kernel), it seems that Hosting Control Panels are more and more being targeted by hackers.
- People are requesting more and more shell access, for instace for git, but chrooted shells do not provide PHP or git, this should be provided by default in the Chroot. (not related to Apache Chroot, but is a reason we see people moving to other platforms).


Only this way will anyone consider it.


Parallels can then go into discussion with us, and provide us with the drawbacks that a Chrooted Apache creates,
and we can try to find a middle ground that works for us (the people requesting a Chrooted Apache), Parallels and all other Plesk customers.




So please, be more constructive.
I'm sure Parallels would gladly implement Chrooted Apache if it were dead easy, but it is not.




Just my 2,5 cents.
 
Last edited:
And what exactly was i trying to do in this entire thread? I've opened it, nothing happened, i've gave example of exploit (PM), i've asked what's next. Didn't receive any answear. I even offered my free help. If that is not enough then yes, i am contra-productive, terrorizing Plesk guys and everything else you said about me...

Also, by chrooting apache, you will not lose any compatibility because you can have as many php installations as you want, you can leave repo php to be installed as is, and yet, you can have different php installed for use with chrooted apache.
You are occusing me of being rude. Ok, maybe i am. Sorry if that's the case. But, answears like "it is not compatible", after all i have done to explain why current approach is not secure, for me is more than unprofessional...
 
Last edited:
Igor Smitran said:
And what exactly was i trying to do in this entire thread? I've opened it, nothing happened, i've gave example of exploit (PM), i've asked what's next. Didn't receive any answear. I even offered my free help. If that is not enough then yes, i am contra-productive, terrorizing Plesk guys and everything else you said about me...

Also, by chrooting apache, you will not lose any compatibility because you can have as many php installations as you want, you can leave repo php to be installed as is, and yet, you can have different php installed for use with chrooted apache.
You are occusing me of being rude. Ok, maybe i am. Sorry if that's the case. But, answears like "it is not compatible", after all i have done to explain why current approach is not secure, for me is more than unprofessional...
Click to expand...

I agree with StéphanS - Your tactics seem to be bullying, and as such, I could see why they are ignoring your requests for attention. If there is anything important to report, I am sure they will offer information.

As well, it has NEVER been a companies policy to outright discuss exploits or issues further...until a fix has been presented.

Thanks for your help, and hopefully Plesk makes strides to be more secure as you offer.
 
I am sorry @RaymondFH, who are you again? I didn't see you in this thread until now... Where were you when we talked about security here?
 
Last edited:
You must log in or register to reply here.

Similar threads

M
Question Issue with Availability of Free Version of Plesk (Plesk Web Admin SE) on Vultr Server Deployment
2
Replies
20
Views
4K
Sebahat.hadzhi
Sebahat.hadzhi
S
Question open_basedir and WordPress, general consensus needed, configured or none?
Replies
6
Views
4K
Duarte N
D
O
Question Where in Plesk can I configure 301 redirect for non-existing subdomains?
Replies
2
Views
538
olegos76
O
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
1
Views
242
Sebahat.hadzhi
Sebahat.hadzhi
S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
1K
scpcomp
S
Back
Top