• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question PHP shell_exec etc. security risk by default in plesk?

brother4

Basic Pleskian
Hello,

I setup an ubuntu dedicated server with plesk web host edition primary for internal projects. But I was wondering that php scripts by default can use shell_exec commands, navigate through the files from other customer etc.

Is there a better way to prevent these things instead of disable known php functions like opcache_get_status, exec,passthru, shell_exec, system, proc_open, popen, parse_ini_file, show_source, highlight_file?

At the moment ssh access for subscriptions is set to bin/bash (chrooted). And I tested it on php 7.4.5 FPM.

Thank you!
 
Last edited:
@IgorG I disagree on this one. Actually, yes, it is possible to access the full server structure including all other folders when the shell_exec, exec, passthru etc. commands are not disabled in the subscription. I'd most definitely recommend to turn these off, unless it is a server one uses for himself/herself only.
 
@IgorG I disagree on this one. Actually, yes, it is possible to access the full server structure including all other folders when the shell_exec, exec, passthru etc. commands are not disabled in the subscription. I'd most definitely recommend to turn these off, unless it is a server one uses for himself/herself only.

Hello,

I diabled these shell commands, but was wondering that this is the default setting. Without clear indication. :)
 
Back
Top