
Resolved: Is it possible to have "Restrict the ability to follow symbolic links" on by default?

Linulex

Silver Pleskian
Is it possible to have "Restrict the ability to follow symbolic links" turned on by default whenever a new hosting is created? I guess this would be done via panel.ini?

I know how to enable it for all websites, but that's not a working option. Some scripts need it (older Drupals).
I know you can enable it in service plans, but resellers and server owners make their own service plans. We have no control over those.

I have searched the forum and support, but all I can find is how to turn it on for all, or how to turn it off if it isn't working.

The idea is: default for every new hosting = restriction on, if that doesn't work the owner can always change it.

regards
Jan
 
Simply create a Service Plan with the following setting:
[Attached screenshot: 1643462492497.png]

And then configure your new hostings to use this service plan.
 
I missed that one, thank you.

But this does kind of what I am after, not completely:

when a domain is created without a plan: restriction = on
when a domain is created with a plan: restriction = whatever is in the plan.

This is not good because resellers and admins don't have a notion what this does and will never activate it when creating plans.

regards
Jan
 
when a domain is created without a plan: restriction = on
I believe you could achieve this using the Plesk CLI as a workaround. Create a bash script that's fired from the "Default domain (the first domain added to a subscription) created" event in the Event Manager. Inside the script:

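Bash:
#!/bin/bash

# NEW_DOMAIN_NAME is set by the Plesk Event Manager for the domain that triggered the event.
# Only act when the subscription is not bound to a service plan.
if /usr/local/psa/bin/subscription -i "${NEW_DOMAIN_NAME}" | grep -q 'The domain is not subscribed to a service plan.'; then
        # Turn on "Restrict the ability to follow symbolic links" for this domain.
        /usr/local/psa/bin/subscription --update-web-server-settings "${NEW_DOMAIN_NAME}" -apache-restrict-follow-sym-links true
fi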

Note, I have not tested this. It's just a solution pulled from the top of my head.
 
That would be an option, but then with the "Physical hosting created" event. I want it on for every new hosting, unless the client turns it off.

We had a WordPress hacked that created symlinks to every config file for all the most used CMS scripts in existence to every domain on the server. I don't yet know how because no domain has SSH rights.

regards
Jan
 
The solution was simple and clean:

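I created an event "Physical hosting created" running a shell script:

Code:
#!/bin/sh

# NEW_DOMAIN_NAME is set by the Plesk Event Manager for the hosting that was just created.
# Turn on "Restrict the ability to follow symbolic links" for it.
plesk bin subscription --update-web-server-settings "${NEW_DOMAIN_NAME}" -apache-restrict-follow-sym-links true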

Every single hosting that is created now, main domain, subdomain, whatever, is protected now. If it needs to be disabled then the client can do so; if not, the client doesn't even know it exists, but we know it's safe.

Thanks for the help and thinking along

Regards
Jan
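
An added example, not part of the thread and not Plesk's own tooling: the event handler above only covers hostings created from now on, so this read-only audit lists symlinks in existing hostings that resolve outside their own domain directory, the pattern described in the hacked-WordPress post. It assumes one directory per domain under a root such as /var/www/vhosts (passed as the first argument); the function name is hypothetical.

```shell
#!/bin/sh
# Added example: report symlinks that escape the domain directory they live in.
# Assumption: every direct child directory of ROOT holds one domain's files.

# Prints "domain<TAB>link<TAB>resolved target" for each symlink found under
# ROOT/<domain> whose target resolves to a path outside ROOT/<domain>.
find_escaping_symlinks() {
    # Canonicalise the root so prefix comparisons use real paths.
    root=$(readlink -f -- "$1") || return 1
    for domain_dir in "$root"/*; do
        # Skip plain files and top-level entries that are themselves symlinks.
        [ -d "$domain_dir" ] && [ ! -L "$domain_dir" ] || continue
        # -exec ... {} + hands paths over as arguments, so odd file names
        # (spaces, newlines) cannot break the loop.
        find "$domain_dir" -type l -exec sh -c '
            base=$1; shift
            for link in "$@"; do
                # Resolve the final target; flag links that cannot be resolved.
                target=$(readlink -f -- "$link") || target="(unresolvable)"
                case "$target" in
                    "$base"|"$base"/*) ;;   # stays inside its own domain
                    *) printf "%s\t%s\t%s\n" "${base##*/}" "$link" "$target" ;;
                esac
            done' sh "$domain_dir" {} +
    done
}

# Run the audit only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    find_escaping_symlinks "$1"
fi
```

The script changes nothing on disk; a reported link is a candidate for review, since some applications create legitimate links outside their own directory.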
 