• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

[PPPM-4543] Can't give clients ability to change php version with out overriding provider's policy

burnley

burnley

Regular Pleskian
Firstly I'm unsure if this is a bug, or a feature request.

Its currently not possible for clients to select custom PHP builds added to a server. If you have added any custom php build for any reason e.g. plesk does not ship one for the OS used or you want to customize it these can not be selected by the clients.

Currently the only way to grant these capabilities is to also check the option 'Setup of potentially insecure web scripting options that override provider's policy' selection of which does work but in the context of shared hosting is a VERY BAD IDEA as it effectively removes all sorts of checks and security measures we do want to keep.

Custom PHP handers can be controlled under PHP Settings area on Tools & Settings so why are they also tied to 'Setup of potentially insecure web scripting options that override provider's policy' it should be separated to make custom php handlers usable.
 
Last edited:
Ok so one of my colleagues eventually solved this one, the issue is apparently our lack of understanding of the English language and faulty application of logic and reason.

The issue is related to 'php_handler_type' in your site_isolation_settings.ini, the option must remain commented out. If you have set it to site_isolation_settings.ini = any then this means that nobody(only admin) will able to manage any PHP handlers. Only OS vendor PHP handlers will be available. Our mistake was in assuming that 'any' would allow the customer to select any php hander they liked...

Also this option is poorly documented as there is also a 'fpm' option thats not listed but at least works the way you expect.

Whats also unclear is if you can allow two or more hander types but not all of them. e.g. fastcgi + fpm but not cgi

Anyway commenting the line out has solved our issue.
 
I tried to comment out anything in site_isolation_settings.ini and then restarted plesk with /etc/init.d/psa restart but the problem remain.
Here is my current site_isolation_settings.ini
Code: 
;; The section describes allowed hosting options
[hosting]
;php = any
;php_handler_type = fastcgi
python = off
perl = off
;fastcgi = any
miva = off
ssi = off
;ssl = any
;shell = /usr/local/psa/bin/chrootsh
asp = off
php_safe_mode = off
coldfusion = off


Any advice?
 
Check the Service Plan permissions. Check if the service plan has the following options enabled,

- Hosting settings management
- PHP version and handler management
- Common PHP settings management (this one may not be required)

Also check your subscription is synced with the service plan, not locked. or that you have the permissions set on a custom locked plan.

In regards to site isolation settings we got it working with this...

;; The section describes allowed hosting options
[hosting]
php = any
; php_handler_type = any
php_safe_mode = any
python = off
perl = off
cgi = off
fastcgi = any
miva = off
ssi = any
ssl = any
shell = off
shell = /usr/local/psa/bin/chrootsh
asp = any
coldfusion = off
ssh = off

If that doesn't work it may be something related to the php handers you have setup, in plesk GUI check tools & settings -> PHP Settings and ensure you have several handlers switched on. If they are 'off' then they can't be seen by clients.

Hope they helps.
 
Hello, thank you for your answer.

I tested your combination of settings and others but I still get 'Setup of potentially insecure web scripting options that override provider's policy' when selecting another PHP version in the service plan configuration page.

I do not get this warning changing the PHP version or handler in the website configuration page, I have never got it.
So, customer side it is all in order, but that's not for administrators and resellers.

I still cannot imagine what's wrong, but that's not so important, I have well educated resellers that do not complain :)

Cheers
 
Well its official. "The case has been analyzed further, and submitted to developers as an internal issue with id #PPPM-4543; the fix is considered to be included in one of the next Plesk updates."
 
Thank you Igor. I do not doubt that's true. I would like to know if is there any bug or issue list to check when we find a problem?
 
You must log in or register to reply here.

Similar threads

K
Issue 'PHP handler type' warning when saving a service plan
Replies
0
Views
739
klowet
K
O
Forwarded to devs Service Plans: Conflicts with the server-wide security policy on PHP 8.0 change
Replies
3
Views
1K
IgorG
IgorG
Hex
Forwarded to devs [PPP-42972]Unclickable Buttons
Replies
7
Views
820
Hex
Hex
S
Resolved Unable to create an subdomain
Replies
1
Views
2K
sebgonzes
S
ChristophRo
Issue PHP Version/Handler change - server-wide security policy
Replies
1
Views
564
ChristophRo
ChristophRo
Back
Top