• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Only subscribtion owner can view website statistics

Sergio Manzi

Sergio Manzi

Regular Pleskian
Hello everybody... first post here, nice to meet you all!

I'm setting up two Plesk (12.5.30#40) instances under Centos 7.2 (comiing from cPanel, btw).

I have several issues, but one is becoming a real pain in the neck:

For a domain I have two Plesk users:
  • Domain owner (unix user xxx)
  • Webmaster
Webmaster has the following permissions:
  • Create and manage databases
  • View statistics
  • Upload and manage files
  • Create and manage mail accounts
  • Create and manage mailing lists
I also created an "FTP Access" with name "xxx_logs" and "Home directory" set to /

When webmaster tries to access "Web Statistics" (Awstats) he is asked for a username (as I've set the corresponding option to limit access to FTP users).

Now the problem: if webmaster tries to use the "xxx_logs" username/password he is denied access. Only using the "xxx" username/passwords he can see the Web statistics.

This obviously denies the the benefit of having the somehow-limited webmaster account as he must be given the xxx username/password to view statistics...

Is there anything wrong with the above configuration, or I'm facing a bug?

Thanks to whomever can help me!
 
I'm really really sorry bumbing this, but I think I made my homework reading whatever I could find about the issue and trying whatever I could conceive, but I've yet to find a solution.

Is there anybody that can help me with this:
  • Is it correct to assume that not only a subscription owner, but also other secondary users defined under a subscription can access the statistics (Awstats) via the Plesk control panel, given they have the correct authorizations and are also defined as FTP users?

  • If yes, how? Whatever I tried (see my previous post) and something more (like assigning a chrooted shell to the secondary users) have failed...

Thanks!
Sergio
 
Hi Sergio Manzi,

you could achieve your goal by adding additional htaccess - rights for an additional user at "/var/www/vhosts/system/YOUR-DOMAIN.COM/pd/d..httpdocs@plesk-stat" - the equivalent of a ".htpasswd" - file ( in this case for the protected Plesk-Stat - location, defined in your domain - specific apache2 configuration.
Example for german language:
Code: 
        <Directory "/var/www/vhosts/system/YOUR-DOMAIN.COM/statistics">
            AuthType Basic
            AuthName "Domainstatistiken"
            AuthUserFile "/var/www/vhosts/system/YOUR-DOMAIN.COM/pd/d..httpdocs@plesk-stat"
            require valid-user
        </Directory>

Be aware that the password has to be encrypted and each line stands for an user and it's password.
Use for example "http://www.htaccesstools.com/htpasswd-generator/" to generate and manually add the user and it's password, or use your command line:

htpasswd /var/www/vhosts/system/YOUR-DOMAIN.COM/pd/d..httpdocs@plesk-stat NEWUSERNAME

This adds or modifies the password for user NEWUSERNAME - you will be prompted to add a password, when you use the above command over the command line and either the user and it's password will be added, or modified.

More informations to the "htpasswd" - usage can be read at: http://httpd.apache.org/docs/current/programs/htpasswd.html
 
Thanks, UFHH01, I think we are on the right path:

I managed to add the needed user to the domain's d..httpdocs@plesk-stat file using the htpasswd command (I tend not to use external services for this kind of things...), but I still have a stupid newbie question: where do I put the <Directory>...</Directory> code?
 
... ah, I see, there is no need for me adding that: it is probably already part of the virtual host configuration... :rolleyes:

Thanks again, UFHH01, it works!! Flagging your answer...

Cheers!

Sergio
 
Sergio Manzi said:
it is probably already part of the virtual host configuration... :rolleyes:
Click to expand...
Correct... pls. see: "/var/www/vhosts/system/YOUR-DOMAIN.COM/conf/httpd.conf" or "/var/www/vhosts/system/YOUR-DOMAIN.COM/conf/httpd_ip_default.conf"

I'm glad that you solved your issue. :)
 
You must log in or register to reply here.

Similar threads

F
Resolved New FTP user becomes visual owner of all files of the webspace on Alma 8.x
Replies
7
Views
3K
stephanecottin
S
W
Resolved Awstats error refused connetion
Replies
2
Views
2K
WiseWill
W
burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
2K
Peter Debik
P
T
Issue After moving subscription, users receive message "Your subscription was removed", Cannot create new webspace.
Replies
2
Views
1K
thespark
T
Bitpalast
AWStats access protection incompatible with Apache 2.4, causes "client denied by server configuration", triggers fail2ban
Replies
0
Views
575K
Bitpalast
Bitpalast
Back
Top