• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question How plesk does domain isolation?

vikK

New Pleskian
Server operating system version
Ubuntu
Plesk version and microupdate number
Plesk Obsidian Web Admin 18.0.48
On plesk web admin edition if I am the only admin and have 3 domains under the same admin account.

If one of the domains gets infected, can attacker get access to other 2 domains files or is it isolated?
 
Domains that are owned by the same subscriber or (in your case) admin, can access the web space shared by these domains. So, yes, indeed it could be possible for a script of one domain to access content of another. The reason for that is mainly that the websites run under the same system user.
[See post below for clarification.]

With the "Web Pro" or "Web Host" edition you'd have the ability to create separate subscriber accounts. Each account has their own user name and password. A malware located in one of such accounts cannot see or influence the others. So if you are looking for more security, splitting your domains into different subscriber accounts is highly recommended. (And besides that improved security, there are many other things that are quite beneficial of the Web Pro and Web Host editions, see a comparison here Plesk Editions).
 
Last edited:
Hi @Dave W , site isolation is an important topic. Please let me hear more on this, either here or in a private message, whichever you prefer. Instead of the current solution what would be your ideal solution?
 
Hi Peter,

Each site should ideally have different users, regardless of the subscription user. It really should be an opt in option to have the same user as another website on a subscription.

Yes I know you can set it up so that each client can have separate subscriptions for each site, but this then means that each client has numerous logins to manage or theyre configured as a Reseller which adds complexity from the clients POV.

Most shared hosting platforms using Plesk (or cPanel) use a single subscription (webspace) with a limit on the number of domains you can host via the Service Plan on that subscription, but each of those domains has the same user. This allows one compromised site to Xinfect the others in the same subscription.

Dave_W
 
Domains that are owned by the same subscriber or (in your case) admin, can access the web space shared by these domains. So, yes, indeed it could be possible for a script of one domain to access content of another. The reason for that is mainly that the websites run under the same system user.

With the "Web Pro" or "Web Host" edition you'd have the ability to create separate subscriber accounts. Each account has their own user name and password. A malware located in one of such accounts cannot see or influence the others. So if you are looking for more security, splitting your domains into different subscriber accounts is highly recommended.
Huh? We have Web Pro, in Power User view, and adding a new domain looks like this:
1671097861262.png
So it creates a new, separate system user for the new domain by default. No need to add a subscriber.
 
I am confused. I was under the impression that regardless of which Plesk edition you're using, primary domains always run with their own separate system user.
When using the Provider View (on Web Pro or Host editions) these primary domains are called subscriptions. When using the Power User View (default for Web Admin) primary domains are called webspaces. Just named differently, technically it's the same thing; a domain that runs with it's own system user.

The only domains that don't run with their own system user are domains that are added to subscriptions or webspaces. I.e "add-on domains".

So domains on a Plesk server with Web Admin edition are "just as safe" as on Web Pro or Host editions. Or am I missing something?
 
I'll go check that. My current state is that Web Admin is not treating the domains as separate system users, but similar to the admin based domains on the other licences. But I could be terribly wrong on that and will now try to find someone who knows that for sure.
[Edit: After back-checking with tech department I got the info that all domains are using the same sysuser. It must have been that way in the past somewhere, because that was also what I knew, but in a test scenario I did later that day I found that on that licence all domains have a different sysuser.]
 
Last edited:
I can confirm that on the Web Admin edition, all three domains run under the same system user. Separation to three different system users will need the Pro or Host licence.
And again I tried to verify this and now see a different scenario on one test. Now checking whether there is a difference between the Web Admin SE and the Web Admin.
 
Last edited:
Hi Peter,

Each Service Plan is applied to a webspace. You cannot add a number of webspaces to a subcription.
So when you log in as a user for a subscription and add a new domain this domain is added to the subscriptions webspace with the same user as all the other domains in that webspace which results in all sites on that webspace being vulnerable if one of them is. Same applies to cPanels idea of "Add-on domains".

This applies to all versions of Plesk.

The example Mow shows above is as an Admin adding a domain to a server, not as a Subscription user.

Rgds
Dave_W
 
Even in Webadmin SE edition when adding a domain we see similar option like shared by @mow above. All domains will have different 'system user'.

1671176162762.png

I noticed in screenshot shared by mow it shows Add Domain whereas in Webadmin SE it shows Adding new Web Space. I guess every domain or addon domain have their own webspace.

All sub-domains will have the same 'system user' as main domain and share the webspace of main domain.

But I think all domains/webspaces belong to the same login user/account which is used for login into that subscription or incase of WebAdmin SE the 'admin' account. So an attacker would be able to access all domains/webspace data that belongs to the login user/account.

System user​


Here you can specify an operating system user for managing files and folders within the webspace by FTP or with File Manager. The system user is also used to access Plesk over SSH (on Linux) or RDP (on Windows) if the corresponding permissions are granted.
 
I think you're missing my point.

Take a plesk server set up for multiple clients.

Each client gets a subscription configured by a particular Service Plan.

Any domains added to that subscription will have the same user because all of that clients domains are managed in their subscriptions webspace.

If you are logged in as Admin to a server then yes you can select a new webspace for a domain. If you are a client logged into a subscription then all your domains are in the one webspace.

Dave_W
 
Guys, I must apologize. To clarify: The question was whether on the "Web Admin" licence each domain that the licence owner adds is running under the same system user. My previous knowledge was: Yes, it does. When you guys said that this is different I went to ask tech staff and they responded that on the "Web Admin" licence indeed all domains that the user adds are using the system user.

But later yesterday I had set-up a test scenario for exactly that case and found something different, like @vikK is showing in the screenshot above. So most obviously as tech leaders also were under the impression that all domains of a "Web Admin" licence are using the same sysuser there must have been some upgrade in the past that we missed.

The correct information is: Each domain that is added on a "Web Admin" licence is using a separate sysuser account. For that reason, malware that infects one domain cannot infiltrate another easily.

However, what is still true is that there is only one admin login by default, so if an attacker manages to login to that Plesk server, the attacker can access all domains.

@Dave W You are also right, but on the "Web Admin" licence, the user normally adds the domains directly from admin level. He does not see the "subscription" concept. On the bigger licences, with subscription concept, the user can also add several domains into the same subscription. In that case such domains are prone to migrated attacks from other domains in that subscription.

I hope this clarifies it all. I'll update my previous posts in this thread accordingly. If you have any more questions, I'll be more than happy to get the answers right for you. There have been several questions on the different licence types and I am more than willing to make sure that it is clear how it all works.
 
Back
Top