Resolved is it possible to have "Restrict the ability to follow symbolic links" on by default?

[Linulex]

is it possible to have default "Restrict the ability to follow symbolic links" turned on whenever there is a new hosting created? I guess this would be done via panel.ini?

I know how to enable them for all websites, but that's not a working option. Some scripts need it (older drupals).
i know you can enable it in service plans, but resellers and server owners make there own service plans. We have no control over those.

I have searched the forum and support but all i can find is how to turned it on for all, or how to turn it off if it isn't working.

The idea is: default for every new hosting = restriction on, if that doesn't work the owner can always change it.

regards
Jan

 

[Monty]

Simply create a Service Plan with the following setting:


And then configure your new hostings to use this service plan.

 

[Linulex]

i know you can enable it in service plans, but resellers and server owners make there own service plans. We have no control over those.

 

[IgorG]

I guess this would be done via panel.ini?

 

[Linulex]

I missed that one thank you.

But this does kinda what i am after, not complete:

when a domain is created without a plan: restriction = on
when a domain is created with a plan: restriction = whatever is in the plan.

This is not good because resellers and admins don't have a notion what this does and will never activate it when creating plans.

regards
Jan

 

[Kaspar]

when a domain is created without a plan: restriction = on

I believe you could achieve this using the Plesk CLI as a workaround. Create a bash script thats fired from the Default domain (the first domain added to a subscription) created event in the Event Manger. Inside the script:

#!/bin/bash

if /usr/local/psa/bin/subscription -i  ${NEW_DOMAIN_NAME} | grep -q 'The domain is not subscribed to a service plan.'; then
        /usr/local/psa/bin/subscription --update-web-server-settings example.com -apache-restrict-follow-sym-links true
fi

Note, I have not tested this. It's just a solution pulled from the top of my head.

 

[Linulex]

That would be an option, but then with the "Physical hosting created" event. I want it on for every new hosting, unless the client turns it off.

We had a wordpress hacked that created symlinks to every config file for all the most used cms script in existence to every domain on the server. I don't yet know how because no domain has ssh rights.

regards
Jan

 

[Linulex]

The solution was simple and clean:

I created an event "Physical hosting created" running a shell script

#!/bin/sh

plesk bin subscription --update-web-server-settings ${NEW_DOMAIN_NAME} -apache-restrict-follow-sym-links true;

Every single hosting that is created now, main domain, subdomain, whatever is protected now. If it needs to be disabled then the client can doe so, if not the client doesn't even know it exists but we know its safe.

Thank for the help and thinking along

Regards
Jan