• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Resolved Only subscribtion owner can view website statistics

Sergio Manzi

Sergio Manzi

Regular Pleskian
Hello everybody... first post here, nice to meet you all!

I'm setting up two Plesk (12.5.30#40) instances under Centos 7.2 (comiing from cPanel, btw).

I have several issues, but one is becoming a real pain in the neck:

For a domain I have two Plesk users:
  • Domain owner (unix user xxx)
  • Webmaster
Webmaster has the following permissions:
  • Create and manage databases
  • View statistics
  • Upload and manage files
  • Create and manage mail accounts
  • Create and manage mailing lists
I also created an "FTP Access" with name "xxx_logs" and "Home directory" set to /

When webmaster tries to access "Web Statistics" (Awstats) he is asked for a username (as I've set the corresponding option to limit access to FTP users).

Now the problem: if webmaster tries to use the "xxx_logs" username/password he is denied access. Only using the "xxx" username/passwords he can see the Web statistics.

This obviously denies the the benefit of having the somehow-limited webmaster account as he must be given the xxx username/password to view statistics...

Is there anything wrong with the above configuration, or I'm facing a bug?

Thanks to whomever can help me!
 
I'm really really sorry bumbing this, but I think I made my homework reading whatever I could find about the issue and trying whatever I could conceive, but I've yet to find a solution.

Is there anybody that can help me with this:
  • Is it correct to assume that not only a subscription owner, but also other secondary users defined under a subscription can access the statistics (Awstats) via the Plesk control panel, given they have the correct authorizations and are also defined as FTP users?

  • If yes, how? Whatever I tried (see my previous post) and something more (like assigning a chrooted shell to the secondary users) have failed...

Thanks!
Sergio
 
Hi Sergio Manzi,

you could achieve your goal by adding additional htaccess - rights for an additional user at "/var/www/vhosts/system/YOUR-DOMAIN.COM/pd/d..httpdocs@plesk-stat" - the equivalent of a ".htpasswd" - file ( in this case for the protected Plesk-Stat - location, defined in your domain - specific apache2 configuration.
Example for german language:
Code: 
        <Directory "/var/www/vhosts/system/YOUR-DOMAIN.COM/statistics">
            AuthType Basic
            AuthName "Domainstatistiken"
            AuthUserFile "/var/www/vhosts/system/YOUR-DOMAIN.COM/pd/d..httpdocs@plesk-stat"
            require valid-user
        </Directory>

Be aware that the password has to be encrypted and each line stands for an user and it's password.
Use for example "http://www.htaccesstools.com/htpasswd-generator/" to generate and manually add the user and it's password, or use your command line:

htpasswd /var/www/vhosts/system/YOUR-DOMAIN.COM/pd/d..httpdocs@plesk-stat NEWUSERNAME

This adds or modifies the password for user NEWUSERNAME - you will be prompted to add a password, when you use the above command over the command line and either the user and it's password will be added, or modified.

More informations to the "htpasswd" - usage can be read at: http://httpd.apache.org/docs/current/programs/htpasswd.html
 
Thanks, UFHH01, I think we are on the right path:

I managed to add the needed user to the domain's d..httpdocs@plesk-stat file using the htpasswd command (I tend not to use external services for this kind of things...), but I still have a stupid newbie question: where do I put the <Directory>...</Directory> code?
 
... ah, I see, there is no need for me adding that: it is probably already part of the virtual host configuration... :rolleyes:

Thanks again, UFHH01, it works!! Flagging your answer...

Cheers!

Sergio
 
Sergio Manzi said:
it is probably already part of the virtual host configuration... :rolleyes:
Click to expand...
Correct... pls. see: "/var/www/vhosts/system/YOUR-DOMAIN.COM/conf/httpd.conf" or "/var/www/vhosts/system/YOUR-DOMAIN.COM/conf/httpd_ip_default.conf"

I'm glad that you solved your issue. :)
 
You must log in or register to reply here.

Similar threads

F
Resolved New FTP user becomes visual owner of all files of the webspace on Alma 8.x
Replies
7
Views
2K
stephanecottin
S
W
Resolved Awstats error refused connetion
Replies
2
Views
1K
WiseWill
W
burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
1K
Peter Debik
P
T
Issue After moving subscription, users receive message "Your subscription was removed", Cannot create new webspace.
Replies
2
Views
1K
thespark
T
Bitpalast
AWStats access protection incompatible with Apache 2.4, causes "client denied by server configuration", triggers fail2ban
Replies
0
Views
512K
Bitpalast
Bitpalast
Back
Top