
Question PHP shell_exec etc. security risk by default in plesk?

brother4

Basic Pleskian
Hello,

I set up an Ubuntu dedicated server with Plesk Web Host Edition, primarily for internal projects. But I was wondering that PHP scripts by default can use shell_exec commands, navigate through the files from other customers, etc.

Is there a better way to prevent these things instead of disabling known PHP functions like opcache_get_status, exec, passthru, shell_exec, system, proc_open, popen, parse_ini_file, show_source, highlight_file?

At the moment SSH access for subscriptions is set to bin/bash (chrooted). And I tested it on PHP 7.4.5 FPM.

Thank you!
 
@IgorG I disagree on this one. Actually, yes, it is possible to access the full server structure including all other folders when the shell_exec, exec, passthru etc. commands are not disabled in the subscription. I'd most definitely recommend turning these off, unless it is a server one uses for himself/herself only.
 

Hello,

I disabled these shell commands, but was wondering that this is the default setting. Without clear indication. :)
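
An added example, not part of the thread or any poster's code: a Python check that reads php.ini text and reports which of the functions listed in the first post are still callable because the `disable_functions` directive does not cover them. The sample configuration and the helper names are constructed for illustration.

```python
import re

# Functions named in the first post as candidates for disabling.
RISKY = ["opcache_get_status", "exec", "passthru", "shell_exec", "system",
         "proc_open", "popen", "parse_ini_file", "show_source", "highlight_file"]

# Constructed sample, not taken from a real server.
SAMPLE_INI = """\
[PHP]
;disable_functions = exec,system,proc_open,popen
disable_functions = exec, passthru,shell_exec ,system
memory_limit = 128M
"""


def disabled_functions(ini_text):
    """Return the names listed in the effective disable_functions line."""
    value = ""
    for raw in ini_text.splitlines():
        # Drop php.ini comments, so a commented-out directive is ignored.
        line = raw.split(";", 1)[0].strip()
        match = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if match:
            # A later assignment in the same file replaces an earlier one.
            value = match.group(1).strip().strip('"')
    return {name for name in re.split(r"[,\s]+", value) if name}


def still_enabled(ini_text, risky=RISKY):
    """List the risky functions that the configuration leaves callable."""
    disabled = disabled_functions(ini_text)
    return [name for name in risky if name not in disabled]


if __name__ == "__main__":
    for name in still_enabled(SAMPLE_INI):
        print("not disabled:", name)
```

Run it against the php.ini that the subscription's PHP handler actually loads, since the server-wide file and a per-domain file can differ.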
 