• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

PHP safe mode On by default for each domain

A

ashopandreas

Guest
In Plesk 8 the safe_mode setting in php can be turned on/off for each domain separately. If you want safe mode to be off (to make php useful) and have many domains on your server you are in for a nice surprise. The default is safe_mode = On and it can only be changed by unchecking a checkbox for each one of your domains. Try doing this on a hundred domains and you will be very thankful to Plesk for making your life harder.

The checkbox can be found on the hosting setup page for a domain, next to the checkbox that activates php. Changing php.ini won't make a difference. This checkbox overrides that setting through the httpd.include files.

A suggestion to the Plesk development team: you should either let people select this during installation/update or use the value currently in php.ini.
 
Can you not use group operations to do this for all the domains at once?

You are aware that when safe_mode is off, any of your customers can read, edit or delete any and all files on your server by using a simple php script.
 
Originally posted by ashopandreas
If you want safe mode to be off (to make php useful)
Click to expand...

What a grap, are you kidding?! Disabling safe mode would be a big security lack.
 
erm php safe mode off is supposed to be a default setting on the majority of php servers.

also no user can read/write/execute all files unless they are root.

safe mode off, globals off, install mod security.
 
LOL, yes technically you are correct, however, your httpd service runs PHP, and thus any user can ready files and execute them as the user apache, if a user was to upload a rootkit to thier account they could execute it and effectively get root access, however apache has enough access already to ready to manipulate all your customer files? Do your customers know that other customers can ready thier private information on your server? Including any stored credit card numbers and personal contact information.

If you really need php safe mode Off, you should be using virtuosso, or have grsecurity or a very stronge SELInux ACL.

In my 7 years of hosting, we have never turned off php safemode and we have thousands of shared hosting customers, who do not mind it. However, I must admin that most of our customers are using coldfusion scripting where we can have them in a security sandbox.
 
Originally posted by ALGORYTHM
erm php safe mode off is supposed to be a default setting on the majority of php servers.
Click to expand...


Maybe.. that's probably why php6 will only be available in safe mode on, without any option to turn it off...
 
Just a quick note to add that you may have to run websrvmng -a -v to have the system read in the new config after running a group update to turn safe mode off.
 
Originally posted by cyrus1u1
Maybe.. that's probably why php6 will only be available in safe mode on, without any option to turn it off...
Click to expand...
erm where did you hear that? :p

http://uk.php.net/features.safe-mode
The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now.
Click to expand...
oh and the good bit..
Warning
Safe Mode was removed in PHP 6.0.0.
Click to expand...
i know you're all hosts so would prefer it on, i hang out with alot of coders and they really want it off ;)
 
Yes, there is always a trade off between security and usability. But I ask you this: What good is a fantastic script when the script creates a security hole on most shared servers?
 
The only secure means to accomplish removing php_safe mode is to have PHP run under SU_EXEC, which forces each script to run as the account/vhosts UID & GID. Exactly how we have PERL/CGI running in PLESK. If you attempt to run a perl script as a UID other then your own, the script will fail. We have been asking PLESK & SW-SOFT for years now to emplement this for PHP, which is totally possible, but they refuse to make the switch, therefor PLESK users can only rely on safe_mode to protect thier customer data. You can remove it at your own risk, but you must be aware that you are absolutely opening up your server to directory traversals and the reading and editing of files between shared hosting accounts on the server. It is only a matter of time before one of your customers are robbed blind, and then it will be your problem, as the admins and not the programmers fault.

Again I beg of you SW-SOFT PLEASE USE PHP UNDER SU_EXEC!!!
 
Originally posted by ALGORYTHM
[..] Safe Mode was removed in PHP 6.0.0. [..]
Click to expand...

To my knowledge, as I said, this means that you won't have any option to turn it off, because it will be turned on per default which could mean it was removed. (removed - the possiblity to turn it off)
 
Doesn't open_basedir restrict php-access to other users files anyway? Even if safe_mode is off a php-script can't access any files outside it's open_basedir-setting, which as default is set to /tmp and the domains own /httpdocs?

On http://no.php.net/manual/en/features.safe-mode.php they say:

"If instead of safe_mode, you set an open_basedir directory then all file operations will be limited to files under the specified directory."

But in a comment by "tom" on the same page, he says:

"open_basedir only restricts file operations to files and directories under a specified directory, but you can still user system ("vi /home/somedir/somefile"), so safe_mode still has a place here as it is much more restrictive then open_basedir."

But as PLESK still refuses to run php suexec, safe_mode really makes php unusable. A large amount of customers need safe_mode off to make Joomla, Gallery and other popular webapps work.

So, is safe_mode = off really such a big security-risk as long as the open_basedir setting is used properly?
 
Originally posted by cyrus1u1
To my knowledge, as I said, this means that you won't have any option to turn it off, because it will be turned on per default which could mean it was removed. (removed - the possiblity to turn it off)
Click to expand...
erm no :rolleyes:

people wrongly assume that once safe mode has been enabled the server is safe, it's not. the decision to remove safe mode means you have to find other ways to secure your server.

it's not really such a big thing since register globals is going too :D

Discussion: As safe_mode is a name that gives the wrong signals as making PHP safe, we all agreed that we should remove this function. It can never be made totally safe as there will always be ways to circumvent safe_mode through libraries. This kind of functionality also better belongs in the web server or other security scheme. open_basedir is a feature that we will keep, and we will point users to this functionality in the error message that is thrown when we detect this setting on start-up.
Click to expand...
http://www.php.net/~derick/meeting-notes.html#safe-mode
 
You must log in or register to reply here.

Similar threads

M
Issue New domains view very slow and confusing
Replies
1
Views
902
Peter Debik
P
M
Resolved How to update default open_basedir for all websites?
Replies
6
Views
2K
Peter Debik
P
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
707
NewGate
N
M
Checkbox is only clickable on the corner in MAIL account settings
Replies
4
Views
1K
Kaspar
K
D
Issue 503 error when using www prefix as preferred url - php-fpm socket error
Replies
7
Views
2K
Peter Debik
P
Back
Top