• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

HostingSecurity.exe requires undocumented parameter

J

JulianP

Basic Pleskian
OS: Microsoft Windows Server 2008 R2 Service Pack 1
Panel version: 11.5.30 Update #41

Runnning HostingSecurity.exe fails with a message saying that the --user-name is required...

Code: 
"C:\Program Files (x86)\Parallels\Plesk\admin\bin\HostingSecurity.exe" --update-domain-security --vhost-name=domain.co.uk --add-template=custom-security-template.xml
Missing required parameter --user-name. Possible parameters:
    --vhost-name
    --user-name
    [--add-template]
    [--remove-template]

However, the --user-name parameter is not documented in the command's usage (obtained with the --help parameter) or the online help...
http://download1.parallels.com/Ples...ne/plesk-win-cli/index.htm?fileName=45525.htm

If the --user-name parameter is added, there is no error, but the command has no effect.

This previously worked on Plesk 10.4.

How to make the command work properly?

Thanks,
Julian
 
For your reference - Bugreport PPP-9504 has been submitted regarding this issue.
 
I checked it on the test server and customized permisions were set successfully.

Code: 
<Entry AccounType="0" Account="Null" Path="[HTTPD_VHOSTS_D]" SubPath="httpdocs\testperm" AceFlags="ThisFolderAndSubfolders" AccessMask="Modify" EntryFlags="0x140" Tag="PsaAdmin" Tag2=""/>

Make sure you are checking the new permissions in Advanced security settings

perm.JPG
 
Hi Dmitriy, thank you for investigating this problem.

Did you include the --user-name parameter? If so, how is it used? In what circumstances is the parameter required?

I copied and pasted your example Entry tag and changed the folder name to httpdocs/assets.

When HostingSecurity is run without the --user-name parameter...

Code: 
"C:\Program Files (x86)\Parallels\Plesk\admin\bin\HostingSecurity.exe" --update-domain-security "--vhost-name=domain.co.uk" "--add-template=security-templates\test-security-template.xml"

...I get an error message...

Code: 
Missing required parameter --user-name. Possible parameters:
    --vhost-name
    --user-name
    [--add-template]
    [--remove-template]

When HostingSecurity is run with the --user-name parameter...

Code: 
"C:\Program Files (x86)\Parallels\Plesk\admin\bin\HostingSecurity.exe" --update-domain-security "--vhost-name=domain.co.uk" "--add-template=security-templates\test-security-template.xml" --user-name

...it shows no message, returns zero (as detected by dos batch file errrorlevel statement) and updates the .security file modified time. However, the .security file has exactly the same size as before and permissions on the target assets folder are not changed. When the permissions are checked on the target folder with Windows Explorer, the Advanced Security Settings dialog box does not show psaadm in the list.

In my original example, it is the IUSR_domain account that I want to grant modify permission to, so the xml file has Tag="AnonymousDomainUser"

Thanks,
Julian
 
Last edited:
The documentation has incorrect description of required options. Always specify --user-name option.

For each hosting subscription, Panel creates a system user - a user account in the Panel server operating system. Customers obtain their system users' access credentials from their service providers and use these credentials for connecting to the server through FTP, SSH, and so on. In addition, all operations with files and directories in Panel are performed on behalf of system users. For example, when a customer adds a new file in File Manager, the subscription's system user becomes the owner of the file.

To change a subscription's username:

Go to Subscriptions, and click the <Subscription> in the list.
Click Change Hosting Settings.


My example:

Code: 
"%plesk_bin%\HostingSecurity.exe" --update-domain-security  --vhost-name=test.com  --add-template="C:\Program Files (x86)\Parallels\Plesk\etc\hosting_template_custom.xml" --user-name=testuser
 
HI Dmitriy

Thank you for the explanation.

I have tried running HostingSecurity.exe with the --user-name parameter set to the appropriate FTP user for the site. No messages were shown and the return code was zero, but the command has no effect at all. When the permissions are checked on the target folder with Windows Explorer, the Advanced Security Settings dialog box shows 'C:\inetpub\vhosts\domain.co.uk\httpdocs' in the inherited column for all entries. In the Permission Entry dialog box, for both the IUSR_ entries, the Allow column shows greyed ticks only and no black ticks granting write access.

Is this a known problem? Are you able to reproduce it?

Thanks,
Julian
 
Hello,

I did not reproduce the same behaviour you described. Ok, try to perform my test:
1. Create the new subscription 'test.com' with system user 'testuser'
2. Create the folder %plesk_vhosts%\test.com\httpdocs\testperm
3. Copy the original template :

Code: 
copy "%plesk_dir%\etc\hosting_template.xml" "%plesk_dir%\etc\hosting_template_custom.xml"
4. Add the new line to new template

Code: 
<Entry AccounType="0" Account="Null" Path="[HTTPD_VHOSTS_D]" SubPath="httpdocs\testperm" AceFlags="ThisFolderAndSubfolders" AccessMask="Modify" EntryFlags="0x140" Tag="PsaAdmin" Tag2=""/>

5. Run the command:

Code: 
"%plesk_bin%\HostingSecurity.exe" --update-domain-security  --vhost-name=test.com  --add-template="C:\Program Files (x86)\Parallels\Plesk\etc\hosting_template_custom.xml" --user-name=testuser
 
Hi Dmitriy

The reason HostingSecurity.exe ddin't work for me is that I was using a relative path for the --add-template parameter. The --add-template parameter must be an absolute path.

So there are 2 issues with HostingSecurity.exe that should be fixed:

1) If the template file cannot be opened, an error message should be shown and an error code returned.
2) The template file parameter should allow relative paths. It is standard behaviour across Windows and unix command-line programs that any file parameter should allow relative and absolute paths.

Please add these comments to Bugreport PPP-9504. Can the progress of this bug be tracked online? Otherwise, please could you add me so I get notifications?

Also, the documentation still hasn't been updated to include the --user-name parameter.
http://download1.parallels.com/Ples...ne/plesk-win-cli/index.htm?fileName=45525.htm

I discovered that the --user-name parameter can be any Plesk user account. This could be useful if it was necessary to grant one IUSR access to files on another domain.
e.g.
"%plesk_bin%\HostingSecurity.exe" --update-domain-security "--vhost-name=domain1.co.uk" "--add-template=C:\path\to\template.xml" "--user-name=domain2"

Thanks,
Julian
 
After a month, the documentation still hasn't been updated :(

What is the status of Bugreport PPP-9504? Can the progress of this bug be tracked online? If not, please could you add me so I get notifications?
 
You must log in or register to reply here.

Similar threads

Dmytro
Question unzip archive with Cyrillic filenames inside
Replies
1
Views
885
Dmytro
Dmytro
Ming
Issue Passenger issue - boost::thread_resource_error: Resource temporarily unavailable
Replies
12
Views
3K
Ming
Ming
J
HostingSecurity.exe command --update-domain-security not supported
Replies
8
Views
2K
JulianP
J
I
Using Elastic Stack for Data Analysis and XenForo for Forums
Replies
0
Views
2K
igubaidullin
I
A
Issue /bin/bash(chrooted) SSH suddenly denied for all domains
Replies
3
Views
3K
AgBillings
A
Back
Top