HostingSecurity.exe command --update-domain-security not supported

[JulianP]

How can I apply a security template is Plesk 12?

In plesk 11, the following command worked...

"%plesk_bin%\HostingSecurity.exe" --update-domain-security "--vhost-name=domain.co.uk" "--add-template=C:\plesk-security-templates\my-template.xml" "--user-name=domainuser"

...but in Plesk 12 it shows the following message...

command --update-domain-security not supported. Possible commands:
   --help
   --create-domain-template
   --create-frame-forwarding-template
   --create-webuser-template
   --update-path-security
   --update-psaadm-spaw-security
   --repair-webspace-security
   --update-webspace-security
   --merge-webspace-subdomains-security
   --remove-repair-folder-entry-flags
   --rename-anonymous-user-to-pool-group
   --repair-filesharing
   --update-user-filesharing-security
   --remove-user-filesharing-security

The documentation for HostingSecurity.exe does not document these commands.:
http://download1.parallels.com/Plesk/Doc/en-US/online/plesk-win-cli/index.htm?fileName=45525.htm

If --update-domain-security is changed to --update-webspace-security then it shows...

Missing required parameter --webspace-name. Possible parameters:
    --webspace-name
    [--pathes-file]
    [--full-scan]

What I'm trying to do is use the command-line to grant write access to the web process on specific directories e.g. allowing a php script to create, update and delete files in httpdocs/cache

Thanks,
Julian

 

[IgorG]

Looks like there is bug in documentation. We will check it.

 

[JulianP]

Thanks Igor, that would be great.

I wonder why documentation for hostingsecurity.exe gets left behind? I'm sure a lot of people use it because its so useful - I mean who wants to manually set permissions every time you create a new site?

I left a comment on the documentation here 3 months ago but nothing happened.
http://download1.parallels.com/Ples...nistration-guide/index.htm?fileName=49499.htm

The same thing happened in the move from Plesk 10 to 11 and I raised it then.
http://talk.plesk.com/threads/hosti...es-undocumented-parameter.301177/#post-731454
But the Plesk 11 documentation was never updated.

The --user-name parameter that became required in Plesk 11 was only added to the Plesk 12 documentation!
http://download1.parallels.com/Ples...ne/plesk-win-cli/index.htm?fileName=45525.htm
http://download1.parallels.com/Plesk/Doc/en-US/online/plesk-win-cli/index.htm?fileName=45525.htm

Thanks,
Julian

 

[JulianP]

Hi Igor

HostingSecurity.exe is part of our workflow for new sites so this is really holding us up now. Please can we have a solution? We could pay for a support incident but it doesn't seem fair really if the problem is out-of-date documentation. I have tried to work it out but without success. Thanks.

 

[IgorG]

I can only recommend to create a request to support team. They will find solution for you. Please create a ticket to support at https://www.odin.com/support/request/ .
You may have free support, please check what kind of Plesk license you use for available support options at http://kb.odin.com/en/121580 .
If there’s no free support in your case, you can order Plesk per-incident support at http://www.odin.com/support/buy-support/ Support team will contact you as soon as purchase is processed, and they will do the best to resolve it.
If it is found that your problem was caused by product bug w/o available solution or workaround from Parallels, then your purchase will be re-funded.

 

[JulianP]

I submitted a support request. They said the functionality to alter specific permissions was removed in Plesk 12. The only way to set permissions via CLI is to alter
%plesk_dir%\etc\hosting_security.xml and reapply the template with repair.exe. However, this would wipe out any permissions that were manually set via the GUI, so is not a viable workaround.

The change was not mentioned in release notes and the documentation was not updated, indicating that the change was not intentional. The fact that the error message mentions the parameter --webspace-name, which has never been a HostingSecurity parameter before, implies to me that developers started amending the code and then stopped for some reason, leaving the original functionality broken.
Please can this be fixed.

 

[IgorG]

Have you requested fix in scope of support ticket? Actually this is much more suitable place for submitting requests.

 

[JulianP]

I did request they fix it in the support ticket. They suggested I submit a feature request, which seems a bit futile in the circumstances.

 

[JulianP]

Good news, I was wrong!

> However, this would wipe out any permissions that were manually set via the GUI, so is not a viable workaround.

repair.exe doesn't wipe out permissions that were manually set via the GUI. It grants permissions set in %plesk_dir%\etc\hosting_template.xml then applies any additional permissions set via the GUI which are stored in %plesk_vhosts%\domain.co.uk\.plesk\.Security

e.g.
"%plesk_cli%\repair.exe" --repair-webspace-security -webspace-name domain.co.uk

So it is possible to manipulate %plesk_dir%\etc\hosting_template.xml via a script and run repair.exe to apply the changes to a domain. However, the script would need to backup the default hosting_template.xml file then restore it afterwards, otherwise the scripted permissions would be used for new domains created subsequently.

> The only way to set permissions via CLI is to alter %plesk_dir%\etc\hosting_security.xml and reapply the template with repair.exe.

Sorry, I meant %plesk_dir%\etc\hosting_template.xml not hosting_security.xml