• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

[PPPM-4543] Can't give clients ability to change php version with out overriding provider's policy

burnley

Regular Pleskian
Firstly I'm unsure if this is a bug, or a feature request.

Its currently not possible for clients to select custom PHP builds added to a server. If you have added any custom php build for any reason e.g. plesk does not ship one for the OS used or you want to customize it these can not be selected by the clients.

Currently the only way to grant these capabilities is to also check the option 'Setup of potentially insecure web scripting options that override provider's policy' selection of which does work but in the context of shared hosting is a VERY BAD IDEA as it effectively removes all sorts of checks and security measures we do want to keep.

Custom PHP handers can be controlled under PHP Settings area on Tools & Settings so why are they also tied to 'Setup of potentially insecure web scripting options that override provider's policy' it should be separated to make custom php handlers usable.
 
Last edited:
Ok so one of my colleagues eventually solved this one, the issue is apparently our lack of understanding of the English language and faulty application of logic and reason.

The issue is related to 'php_handler_type' in your site_isolation_settings.ini, the option must remain commented out. If you have set it to site_isolation_settings.ini = any then this means that nobody(only admin) will able to manage any PHP handlers. Only OS vendor PHP handlers will be available. Our mistake was in assuming that 'any' would allow the customer to select any php hander they liked...

Also this option is poorly documented as there is also a 'fpm' option thats not listed but at least works the way you expect.

Whats also unclear is if you can allow two or more hander types but not all of them. e.g. fastcgi + fpm but not cgi

Anyway commenting the line out has solved our issue.
 
I tried to comment out anything in site_isolation_settings.ini and then restarted plesk with /etc/init.d/psa restart but the problem remain.
Here is my current site_isolation_settings.ini
Code:
;; The section describes allowed hosting options
[hosting]
;php = any
;php_handler_type = fastcgi
python = off
perl = off
;fastcgi = any
miva = off
ssi = off
;ssl = any
;shell = /usr/local/psa/bin/chrootsh
asp = off
php_safe_mode = off
coldfusion = off


Any advice?
 
Check the Service Plan permissions. Check if the service plan has the following options enabled,

- Hosting settings management
- PHP version and handler management
- Common PHP settings management (this one may not be required)

Also check your subscription is synced with the service plan, not locked. or that you have the permissions set on a custom locked plan.

In regards to site isolation settings we got it working with this...

;; The section describes allowed hosting options
[hosting]
php = any
; php_handler_type = any
php_safe_mode = any
python = off
perl = off
cgi = off
fastcgi = any
miva = off
ssi = any
ssl = any
shell = off
shell = /usr/local/psa/bin/chrootsh
asp = any
coldfusion = off
ssh = off

If that doesn't work it may be something related to the php handers you have setup, in plesk GUI check tools & settings -> PHP Settings and ensure you have several handlers switched on. If they are 'off' then they can't be seen by clients.

Hope they helps.
 
Hello, thank you for your answer.

I tested your combination of settings and others but I still get 'Setup of potentially insecure web scripting options that override provider's policy' when selecting another PHP version in the service plan configuration page.

I do not get this warning changing the PHP version or handler in the website configuration page, I have never got it.
So, customer side it is all in order, but that's not for administrators and resellers.

I still cannot imagine what's wrong, but that's not so important, I have well educated resellers that do not complain :)

Cheers
 
Well its official. "The case has been analyzed further, and submitted to developers as an internal issue with id #PPPM-4543; the fix is considered to be included in one of the next Plesk updates."
 
Thank you Igor. I do not doubt that's true. I would like to know if is there any bug or issue list to check when we find a problem?
 
Back
Top