• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Limit user power to change file and permission

carini

carini

Basic Pleskian
Server operating system version
Ubuntu 22.04.4 LTS
Plesk version and microupdate number
Plesk Obsidian v18.0.63_build1800240825.09
Good morning,

We are frequently encountering problems where users are making unauthorized changes to permissions on their sub-domains, leading to broken sites. It seems some users, lacking proper sysadmin skills, are making changes and then blaming us when things go wrong.

Is possible to implement restrictions to prevent users from changing permissions or creating files and directories outside the webroot?

Screenshot 2024-08-28 at 19.51.58.png
 
Some users start fiddling with file permissions when their website doesn't work as expected. Plesk might want to implement this.
 
Yes that would be good idea to implement. But telling to the customer to not touch permissions should be sufficient. just inform them that the permissions is not causing the website to work as expected
 
You raise a valid point about informing users, but the challenge is identifying the right moment to do so. In many cases, users might not seek help before making changes or might involve a third party who lacks direct communication with us.

Given this, having a system-level restriction or safeguard could help prevent issues before they arise. While educating users is important, it might not always be sufficient to avoid these problems.
 
My customers never have this issue. It’s common sense for a human not to touch that which he does not understand
 
Rexvolkov said:
Yes that would be good idea to implement. But telling to the customer to not touch permissions should be sufficient. just inform them that the permissions is not causing the website to work as expected
Click to expand...
No, it is not. The can also weaken the security of their site by giving 777 permission everywhere.
 
Unfortunately, at this point there is no option to limit the users performing permission changes via the File Manager. It seems like a valid request to me knowing that sometimes users indeed are performing changes carelessly without knowing the actual consequences and vulnerability threats. @carini I would like to encourage you to create a new UserVoice request and everyone else who wants to see this feature integrated to vote for it.
 
You must log in or register to reply here.

Similar threads

V
Varnish for WordPress in a Docker container
Replies
5
Views
5K
Laurence@
Laurence@
V
Google PageSpeed Insights – How to optimize your site to rank higher
Replies
1
Views
4K
Andrew Roy
Andrew Roy
E
Varnish for WordPress in a Docker container in Plesk Onyx
2
Replies
25
Views
13K
Andrew_Pa
A
R
suexec = serious security concerns
Replies
1
Views
5K
RayMorris
R
E
When will "autoinstall.plesk.com" update my old apache on my PLESK-server?
Replies
6
Views
3K
w3it
W
Back
Top