• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

chroot httpd process

It doesn't matter if it has to be done. Security shouldn't be compromised in order to have better compatibility. I've offered my help, offer still stands.
 
A tactical update to this feature request, a short cut to implementation is to use the Chroot setting in mod_security as a straight DSO. You wouldnt need to make any kind of daemon level change in Apache itself. We've had this capability in Atomic Secured Linux for a few years now, and using this metho, the plesk side of things could just focus on organizing all dependencies that the applications need.
 
As far as i can see noone in Plesk is interested in this. So, bottom line:

1. We know that our setup is not secure
2. We don't mind, because if we make it secure we lose compatibility
3. We won't answear to any questions regarding that

Thank you Plesk guys, you just made my life a lot easier. I will switch to another product first chance i got. Also, i will try to explain to all other sysadmins in the world why not to use Plesk Panel.

Regards,
Igor Smitran
 
Way to be contra-productive there Igor Smitran.


You can't terrorize Parallels into making changes, you have to persuade them with reasonable arguments, like:

- Isolated sites are the only future for "Shared Webhosting", a hybrid of both worlds is needed, services like FortR. and Jel. are already trying to fill this void, I'm sure others are aswell.
- Maintenance should go down due to less manual interventions of sysadmins, thus making happier customers.
- Limitations should be tackled to provide a near identical experience for the end user.
- Security in 2013 should be top priority, looking at the recent exploits and security breaches in Plesk (API privilege escalation), cPanel (leak with helpdesk / File Inclusion in foreign backups) and Linux (0day Local Root Exploit in Kernel), it seems that Hosting Control Panels are more and more being targeted by hackers.
- People are requesting more and more shell access, for instace for git, but chrooted shells do not provide PHP or git, this should be provided by default in the Chroot. (not related to Apache Chroot, but is a reason we see people moving to other platforms).


Only this way will anyone consider it.


Parallels can then go into discussion with us, and provide us with the drawbacks that a Chrooted Apache creates,
and we can try to find a middle ground that works for us (the people requesting a Chrooted Apache), Parallels and all other Plesk customers.




So please, be more constructive.
I'm sure Parallels would gladly implement Chrooted Apache if it were dead easy, but it is not.




Just my 2,5 cents.
 
Last edited:
And what exactly was i trying to do in this entire thread? I've opened it, nothing happened, i've gave example of exploit (PM), i've asked what's next. Didn't receive any answear. I even offered my free help. If that is not enough then yes, i am contra-productive, terrorizing Plesk guys and everything else you said about me...

Also, by chrooting apache, you will not lose any compatibility because you can have as many php installations as you want, you can leave repo php to be installed as is, and yet, you can have different php installed for use with chrooted apache.
You are occusing me of being rude. Ok, maybe i am. Sorry if that's the case. But, answears like "it is not compatible", after all i have done to explain why current approach is not secure, for me is more than unprofessional...
 
Last edited:
Igor Smitran said:
And what exactly was i trying to do in this entire thread? I've opened it, nothing happened, i've gave example of exploit (PM), i've asked what's next. Didn't receive any answear. I even offered my free help. If that is not enough then yes, i am contra-productive, terrorizing Plesk guys and everything else you said about me...

Also, by chrooting apache, you will not lose any compatibility because you can have as many php installations as you want, you can leave repo php to be installed as is, and yet, you can have different php installed for use with chrooted apache.
You are occusing me of being rude. Ok, maybe i am. Sorry if that's the case. But, answears like "it is not compatible", after all i have done to explain why current approach is not secure, for me is more than unprofessional...
Click to expand...

I agree with StéphanS - Your tactics seem to be bullying, and as such, I could see why they are ignoring your requests for attention. If there is anything important to report, I am sure they will offer information.

As well, it has NEVER been a companies policy to outright discuss exploits or issues further...until a fix has been presented.

Thanks for your help, and hopefully Plesk makes strides to be more secure as you offer.
 
I am sorry @RaymondFH, who are you again? I didn't see you in this thread until now... Where were you when we talked about security here?
 
Last edited:
You must log in or register to reply here.

Similar threads

S
Question open_basedir and WordPress, general consensus needed, configured or none?
Replies
6
Views
3K
Duarte N
D
G
Question WP installs are quarantined daily.
Replies
4
Views
592
Bobbbb
B
Alexey Sobolev
Important Updated Node.JS application hosting support
Replies
7
Views
5K
macmee
M
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
6
Views
3K
WebHostingAce
WebHostingAce
Ming
Issue Passenger issue - boost::thread_resource_error: Resource temporarily unavailable
Replies
12
Views
3K
Ming
Ming
Back
Top