1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Plesk Security Model Questions

Discussion in 'Plesk for Linux - 8.x and Older' started by eric1234, Oct 15, 2005.

  1. eric1234

    eric1234 Guest

    I'm trying to understand Plesk's security model. I just recently got a server setup with plesk on it and I want to make sure I understand how things are setup.

    From what I have read CGI applications execute via suexec so the script is executed according to the owner of the script. So if I setup a domain with the user "bob" owning the files then the script should execute as "bob" right?

    Now what about PHP. I have a PHP application (pLog) that is on one of my domains. It caches processed template files in a temp directory. I have noticed that those files are created with "www-data" as the owner. Shouldn't "bob" be the owner? Or are PHP scripts not executed as a CGI under suexec? If PHP scripts are executed as "www-data" how do I get around safe mode restrictions. The script is owned by "bob" so if it tries to read these cached files then it gets a safe mode restriction. I don't want to turn off safe mode but I think a script should be able to write a file and then read that file. What is the proper Plesk way to get around this problem. Right now the only option seems to be to chown all the script files to www-data but then the user can't edit those file.

    Also what about mod_perl and mod_python? I noticed those options and I was wondering about that. From my understanding mod_perl runs a single interpreter under the Apache process. So would all domains that were using mod_perl be running under the same process? Wouldn't this lead to security concerns. Or does Plesk somehow run a seperate interpreter for each domain?

    Just trying to make sure I understand how plesk works so that I can ensure I am setting things up properly.
  2. rvdmeer

    rvdmeer Guest

    PHP is a scripting language processed by apache itself. Therefor temp files are created by apache and not by the user. chowning is as far as i know the only solution for this. But ofcourse, i'm not the only guy on the board :)
  3. mian

    mian Guest

    You are correct about how CGI applicatons run.

    PHP applications are not run as the user, this can be accomplished using suPHP but Plesk does not use this by default, you probably can get it to with some manual configuration.

    If you use Apache 2 in the same mode Apache 1 worked, multiprocess then the problems you described about mod_perl, mod_python and the 3rd party PHP library threadings should all be fine.
  4. JD Austin

    JD Austin Guest

    This has been an ongoing issue for a long time. When I ran version 6 of plesk this was not an issue. Version 7 on (about a year now) have had this issue.

    Please Plesk folks make php be suPHP by default. This issue is a constant annoyance because only administrators can change ownership from apache to the rightful owners. Every update I hope for this change.. but it never comes. Files in a users web directory should never be owned by apache since they cannot modify those items via ftp.

    This worked perfectly before, why was it broken in 7/7.x reloaded?