
Forwarded to devs Paragraph "Restricting Script Execution in the /tmp Directory" is missing in the "Advanced Administration Guide, Plesk for Linux Obsidian" guide

Maarten.


TITLE

Paragraph "Restricting Script Execution in the /tmp Directory" is missing in the "Advanced Administration Guide, Plesk for Linux Obsidian" guide

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

not applicable

PROBLEM DESCRIPTION

In the "Advanced Administration Guide, Plesk for Linux 12.5", there is a paragraph that explains how to secure the /tmp directory:


As this is still a security risk, I wonder why this is missing in the latest Obsidian guide:

Enhancing Security

STEPS TO REPRODUCE

not applicable

ACTUAL RESULT

not applicable

EXPECTED RESULT

not applicable

ANY ADDITIONAL INFORMATION

(DID NOT ANSWER QUESTION)

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Answer the question
 
Consulted with the Plesk Security team. This section is absent because it is not related to Plesk but instead to the OS itself. Securing the /tmp directory is not required in the current Plesk security model. Securing this directory may differ for various OSes. It is OK to secure the /tmp directory; you could use OS-related instructions outside for securing the server. For example: Securing /tmp on a linux server - ITsyndicate
 
Can you please share more details on the "current Plesk security model"?
Why is securing the /tmp folder no longer needed? Because of SELinux?
 
It is not "no longer needed". It is just "not needed". Nothing has changed.
  1. The lack of restricting execution in /tmp is not a vulnerability by itself.
  2. Restricting execution in /tmp can make exploitation of some potential vulnerabilities more difficult because this is a well-known location which exploits often try to use.
  3. Restricting execution in /tmp cannot fully protect from such potential vulnerabilities because (almost) always there are directories other than /tmp allowing an exploit to write and execute files.
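
Point 3 can be checked on a host by looking at more than /tmp. The following is an added example, not part of the thread or of Plesk's documentation: it reads a mount table in /proc/mounts format and reports, for each commonly world-writable directory, which mount covers it and whether that mount has `noexec`. The directory list (/tmp, /var/tmp, /dev/shm) and the sample mount table are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). For each well-known world-writable
# directory, find the mount that covers it and report whether that mount
# carries the noexec option. Input is in /proc/mounts format.

# Constructed sample: /tmp is hardened, /dev/shm and /var/tmp are not.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /var ext4 rw,relatime 0 0'

# exec_status DIR -> prints "DIR MOUNTPOINT noexec|exec"; reads mounts on stdin
exec_status() {
    local dir=$1 dev mp fstype opts rest best="" best_opts=""
    while read -r dev mp fstype opts rest; do
        # a mount covers DIR if it is DIR itself, "/", or a parent path prefix
        if [ "$mp" = "$dir" ] || [ "$mp" = "/" ] || [ "${dir#"$mp"/}" != "$dir" ]; then
            # longest matching mount point wins (later entries win on ties)
            if [ "${#mp}" -ge "${#best}" ]; then
                best=$mp; best_opts=$opts
            fi
        fi
    done
    case ",$best_opts," in
        *,noexec,*) echo "$dir $best noexec" ;;
        *)          echo "$dir $best exec" ;;
    esac
}

# audit MOUNTS_TEXT -> one status line per directory
audit() {
    local d
    for d in /tmp /var/tmp /dev/shm; do
        printf '%s\n' "$1" | exec_status "$d"
    done
}

audit "$SAMPLE_MOUNTS"
# On a live host: audit "$(cat /proc/mounts)"
```

With the sample table, only /tmp is reported as `noexec`; /var/tmp inherits the options of /var and /dev/shm has its own mount, so both still allow execution.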
 