• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question New serviceplan PHP config default values

T

Tozz

Regular Pleskian
I'd like to disable open_basedir completely, on all our servers, from all serviceplans and all subscriptions. Primary reason for this is that open_basedir disable's statcaching, which can have detrimental effects on performance for PHP scripts that open a lot of files.

I have managed to fix almost everything, but I can't find where Plesk gets it's default configuration parameters from when creating a new serviceplan.
When I click on Serviceplans -> Create new Plan -> PHP Settings

The value for open_basedir is {WEBSPACEROOT}{/}{:}{TMP}{/}. Where is that coming from? I've configured open_basedir = none in /etc/php/*/*/php.ini and /opt/plesk/php/*/etc/php.ini.
 
I think it is hard coded. Removing the limit only makes sense if you run a server for yourself only, because otherwise, other people will be able to access all files and directories on the server beyond their own subscription. But if you are the only user, why would you want to split organization of domains up into several subscriptions and not just stick with a single huge subscription?
 
They can't access all files, because PHP is ran either as FastCGI or FPM, and both execute the PHP code as the system user (FTP user). So they can't access other subscription data. I'm not the only user, this is a shared hosting platform.

open_basedir doesn't make much sense anyway. We offer CGI, cronjobs and multiple other features that would allow a malicious user to bypass the open_basedir restriction from PHP.
 
Thank you for the detailed explanation. If this is your way, I respect your decision to configure your system this way. Unfortunately, I don't think there is a solution to the initial question.

For other users who stop by in this thread I would however like to add, that it is most certainly possible to hack a server if subscription accounts are not jailed to their own subscription directories and that this is a configuration not recommended when several users share the same server.
 
You must log in or register to reply here.

Similar threads

W
Question Subscription locked except for when limits are reset to default?
Replies
0
Views
125
WeronikaS
W
K
Issue Cannot add custom folder to the open_basedir PHP option.
Replies
6
Views
887
KevinPrimate
K
M
Resolved How to update default open_basedir for all websites?
Replies
6
Views
2K
Peter Debik
P
N
Question open_basedir issue with borlabs cookie
Replies
3
Views
871
Peter Debik
P
J
Issue PHP JIT not enabling with plesk performance booster
Replies
6
Views
2K
JohnWest
J
Back
Top