
Plesk Security Model Questions

eric1234

Guest
I'm trying to understand Plesk's security model. I just recently got a server set up with Plesk on it and I want to make sure I understand how things are set up.

From what I have read, CGI applications execute via suexec, so the script is executed according to the owner of the script. So if I set up a domain with the user "bob" owning the files, then the script should execute as "bob", right?

Now what about PHP? I have a PHP application (pLog) that is on one of my domains. It caches processed template files in a temp directory. I have noticed that those files are created with "www-data" as the owner. Shouldn't "bob" be the owner? Or are PHP scripts not executed as a CGI under suexec? If PHP scripts are executed as "www-data", how do I get around safe mode restrictions? The script is owned by "bob", so if it tries to read these cached files then it gets a safe mode restriction. I don't want to turn off safe mode, but I think a script should be able to write a file and then read that file. What is the proper Plesk way to get around this problem? Right now the only option seems to be to chown all the script files to www-data, but then the user can't edit those files.

Also, what about mod_perl and mod_python? I noticed those options and I was wondering about that. From my understanding, mod_perl runs a single interpreter under the Apache process. So would all domains that were using mod_perl be running under the same process? Wouldn't this lead to security concerns? Or does Plesk somehow run a separate interpreter for each domain?

Just trying to make sure I understand how Plesk works so that I can ensure I am setting things up properly.
 
PHP is a scripting language processed by Apache itself. Therefore temp files are created by Apache and not by the user. Chowning is, as far as I know, the only solution for this. But of course, I'm not the only guy on the board :)
 
You are correct about how CGI applications run.

PHP applications are not run as the user; this can be accomplished using suPHP, but Plesk does not use this by default. You probably can get it to with some manual configuration.

If you use Apache 2 in the same mode Apache 1 worked in (multiprocess), then the problems you described about mod_perl, mod_python and the 3rd party PHP library threadings should all be fine.
 
This has been an ongoing issue for a long time. When I ran version 6 of Plesk this was not an issue. Version 7 on (about a year now) has had this issue.

Please, Plesk folks, make PHP be suPHP by default. This issue is a constant annoyance because only administrators can change ownership from Apache to the rightful owners. Every update I hope for this change... but it never comes. Files in a user's web directory should never be owned by Apache, since they cannot modify those items via FTP.

This worked perfectly before, why was it broken in 7/7.x reloaded?
JD
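
An added example, not code from any poster in this thread or from Plesk: a small POSIX shell audit an administrator can run to see which files under a site's document root are owned by someone other than the site user, which are the files the user cannot edit over FTP and that safe mode's owner comparison refuses to open. The function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: ownership audit for one document root.
# Usage (hypothetical path): sh audit.sh /path/to/docroot "$(id -u bob)"

# Numeric owner UID of a path, using only POSIX ls and awk.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Exit 0 when SCRIPT and TARGET have the same owner. This is the
# comparison safe mode makes before a script may open a file.
same_owner() {
    [ "$(owner_uid "$1")" = "$(owner_uid "$2")" ]
}

# List regular files under DIR whose owner is not EXPECTED_UID,
# for example template caches written by the web server account.
foreign_owned() {
    find "$1" -type f ! -user "$2" -print
}

# Report for one docroot; returns 1 when any mismatch is found so the
# function can be used from cron or a monitoring check.
audit_docroot() {
    dir=$1
    uid=$2
    list=$(foreign_owned "$dir" "$uid")
    if [ -z "$list" ]; then
        echo "OK: all files under $dir are owned by uid $uid"
        return 0
    fi
    echo "MISMATCH: files under $dir not owned by uid $uid:"
    printf '%s\n' "$list"
    return 1
}

# Run the audit only when called with DIR and UID arguments.
if [ "$#" -eq 2 ]; then
    audit_docroot "$1" "$2"
fi
```
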
 