• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

private directory to be added to open_basedir

R

Rocky@

Guest
I need to run php script in the 'private' directory, and I understand that I need to include it in the open_basedir in order to do so.

I would like to include that directory ('private') to all domains by default as it is created. How do I do that. Just add that path to the httpd.include in the /etc/httpd/conf/?

Thanks for the help.

Sam
 
The private directory's not designed to be accessed by scripts. You'll need to change the permissions on the private directory of every domain to open up access.
 
Hi Cranky, good to see you again.

My problem was more than the permission. I had to use the individual vhost.conf to turn the open_basedir restriction off for this domain. Of course, using root access and all. This can be done in a few mouse click on CPanel.

I have been setting up this CMS for five years for many sites and never had to get into the shell to tweak the server settings in order to set it up. From now on, every time I set up a PHP script that needs to place outside of the httpdocs, I have to use root access. Or every time my client wants it, I have to do it MANUALLY for them.

Boy, what a learning curve! I have got this box with Plesk for 17 days now. I learn all the tricks MANUALLY. I was thinking this morning, what does Plesk do for me. It seems like a pretty face that does nothing.

Now, I feel like I am married to a beauty qeen and I have to do all the cleaning, cooking, laundry...... It's hard to leave her and it's hard to stay with her.:D

Sam
 
Boy, what a learning curve! I have got this box with Plesk for 17 days now. I learn all the tricks MANUALLY. I was thinking this morning, what does Plesk do for me. It seems like a pretty face that does nothing.
Click to expand...

It's a pretty face that attempts to setup your hosting box as securely as possible in a default installation and frankly it does a fairly good job. Some things should always be left up to the superuser. ... Just my humble opinion .. .
 
Fact: CPanel is not less secure than Plesk.

I don't want to go to the extreme of Plesk bashing. This is my objective consumer opion:

Plesk is made to serve the webhosters, as it is intented for. I am a webdeveloper and got a Plesk box to sell hosting on the side, so I see both sides of the issue.

I am sure Plesk would do a good job allowing me to handle the clients and resellers. But many of the obsticles I ran into were during production. We must not forget that we are hosting the sites for the web designers and webmasters. If they find it hard to get their job done on our hosting settings, how does it benefit our hosting business?

Now, I fully understand why CPanel is capturing the market. It's simply because the ease of use on the client side.

I am sure after using CPanel for production, I don't want to use Plesk becuase I end up consuming more time on settings. I went to CPanel with ease, but came back with a nightmare. I will get use to it since I am the super user, and I will get only clients that has never experienced the ease of CPanel, and maybe mostly those FrontPage users having websites for fun.

One thing regarding your opinion on "something should always be left for the superuser," I agree on certain things, as CPanel also require su sometimes, but most of them can be done on the web interface. When time becomes money, you want to reduce the frequecy of having your customer calling you for everything, and you want to be able to fulfill it by simply clicking on a few buttons. If it were me, I can't always wait for my host for hours to set something up for me to continue my project that can be finish in 10 minutes. I would just change the host.

After all, I have to decide whether I want to be a webhoster. Plesk might serve me as a host, but CPanel serves me as a webdeveloper or webmaster. My struggle is why I should use Plesk to host others since ultimately, it is the webmasters that we are to serve and Plesk is not so convenient for them.

Sam
 
It's got nothing whatsoerver to do with Plesk vs CPanel. PHP configuration is down to you - and can easily be tailored to work effectively for most scripts. If you want to upload a script to Plesk's private directory which is DESIGNED to be private and inaccessible by any scripts then you're making yourself work.
 
Oh yes I chose the private directory because it is the only thing closest to what I needed. Normally, what I need is to put part of my CMS config and system files below the httpdocs. What should I do? In CPanel I simply create a directory there. But in Plesk I can't creat a directory there. It seems that I might be able to use the tmp folder or the private. Anyway, the point is I can accomplish this on CPanel without tweaking anything by ssh to the root.

OK, one of my favorite CMS is Geeklog, probably the best and the most secure one around. Hope you don't cry when you see this in the FAQ:

As explained in the installation instructions, parts of Geeklog (everything outside of the public_html directory) should be installed such that they are not accessible from a URL (for security reasons). However, some hosting services (typically free or cheap services) won't let you install files outside of the webroot....
Click to expand...

This problem is mostly reported by Plesk users. I paid more to put Plesk on my server, and it is functioning like "free or cheap" ones for those who don't know what it is?

And another popular script, OSCommerce, also needs to place part of the script behind httpdocs.

I am not here to put down Plesk. I can simply laugh and leave. I want Plesk to reach its potential, as it is quite nice for the webhosters. But if they are like you, I hope not, defensive and not willing to make the life of the users easier for the money they get, CPanel's gonna take over, no doubt. I am a very patient guy, if Plesk can't keep me, I don't think it can have a better market share.

Selling cheap to the datacenters to stuff it in the servers wouldn't work for long. Just look at EV1, they were faithful Plesk and Ensim carriers. Now the big guy has to carry CPanel, why? If you have been around RackShack forum a couple of years ago, there were requests for RS to carry CPanel almost daily. Now they finally gave in. Look at their servers. More often, the CPanel servers are sold out first, and only Plesk ones left. (That's how I got mine.:rolleyes: ) I wondered why, and now I know. But still, I am squeezing out my hope.

Sam
 
Rocky

I have same problem. ( need to run php script in the 'private' directory). Can you tell what need to do to make this hapen?
 
You're not getting my point. It's not a Plesk problem, it's just something you need to change in the way you work. Fair enough, in CPanel you used a directory outside public_html, in Plesk you can either create a directory like this manually via SSH, or create a directory within httpdocs and add a .htaccess file so the directory is inaccessible to the web.

I want Plesk to reach its potential, as it is quite nice for the webhosters. But if they are like you, I hope not, defensive and not willing to make the life of the users easier for the money they get
Click to expand...

There's not many of us left around here offering help ("help" that's what I'm doing here replying to you at 3.30AM). If you don't want help from me then ignore my posts, I've no problem with that. I've probably suggested more features and reported more bugs to SWsoft than all but a very small minority of users (many of which have been implemented), whilst these things you are asking for may be nice, there are much higher priority features required first in my opinion as this just requires a small change to the way you work.

Regarding open_basedir, that's still not a Plesk limitation, it can be adjusted in php.ini and/or vhost.conf.

Regarding Rackshack, when they weren't offering Plesk a couple years back there were a lot of cries asking for it in the forums, and it was added. If you have feature requests for Plesk add them to the list:

http://forum.sw-soft.com/showthread.php?s=&threadid=21558

I know for certain that SWsoft are aware the list is there, and some of the requests will make their way into R&D.
 
Xrom,

I assume that you have root access, otherwise you have to ask your host to do so.

I use SFTP (FileZilla) to access it.

#1 create two files and name them vhost.conf and vhost_ssl.conf and put the following configuration codes in them (for vhost_ssl.conf use httpsdocs in place of httpdocs). Upload these two files to the related domain's 'conf' directory (the one you usually see listed together with the domain's httpdocs directory).



Code: 
<Directory /home/httpd/vhosts/domain.com/httpdocs>
php_admin_value open_basedir none
</Directory>

<Directory /home/httpd/vhosts/domain.com/httpdocs>
php_admin_value open_basedir /home/httpd/vhosts/domain.com
</Directory>



#2 CHMOD the 'private' directory to 755

That's it.

Hope this help.

Sam
 
Originally posted by Rocky
#2 CHMOD the 'private' directory to 755
Click to expand...

That could cause problems in future as Plesk upgrader will likely reset the permissions back to default. You'd be much better off creating a separate directory, or a directory within httpdocs and protecting via .htaccess.
 
Originally posted by Cranky
That could cause problems in future as Plesk upgrader will likely reset the permissions back to default.
Click to expand...

Bingo, another problem that bothers me. Upgrader would switch everything back.

Notice, at the beginning, my question was to change the default setting to automatically open up the 'private' directory when the domain is created, or add a directory in that nature. That can't happen because once you upgrade, all your customers using those directories would be locked out.

The only way to prevent that is using vhost.conf. That means, you have to do it site by site. That will make the host busy.

Sam
 
Originally posted by Rocky
The only way to prevent that is using vhost.conf. That means, you have to do site by site. That will make the host busy.
Click to expand...

Not necessarily, you could configure vhost.conf in the skeleton directory so it's automatically generated when Plesk is run. One way to avoid the upgrade resetting permissions on your private directory would be to run something like this after the upgrade:

chmod 755 /home/httpd/vhosts/*/private
 
Originally posted by Cranky
One way to avoid the upgrade resetting permissions on your private directory would be to run something like this after the upgrade:

chmod 755 /home/httpd/vhosts/*/private
Click to expand...

That's the kind of nuisance about Plesk I have been talking about. Will l remember it? I might not, until the customer complains. Even then, I might end up spending several minutes diagnosing the problem.

Sam
 
Why use the private directory then? If you use it for what it is designed for the "nuisance" ceases to exist.
 
How could I know that wasn't designed for it? It might be in the manual, but I surely have missed it. It says private and I was trying to put private files in it. Eventhough they are PHP scripts, I regard them as private files because they have my private configurations.

Anyway, I created a different directory because I realized the potential problem, not because I found out it wasn't designed for such needs.

Sam
 
I don’t know, but i think it related. After I create subdomain, customer want keep his mp3s files separate from httpdocs, the php script located in base domain have same open_basedir restriction error. I do not see any reason for this.

There will be no any problem to put folder under httpdocs, but owner do not want give his ftp access to person who will load files. You won't be able to setup multiple FTP accounts either, as Plesk doesn't allow that. So what is best way ?
a) create multiple FTP accounts (how?)
b) remove open_basedir restriction

A and B probably will be useless after next upgrade.

Sorry if this not right topic. Just hurt
 
Instead of creating the vhost.conf file as above create:

/home/httpd/vhosts/domainname.com/subdomains/subdomainname/conf/vhost.conf
 
Actually, one crucial thing was missed above in Rocky's post. After creating the vhost.conf file you need to rebuild apache configuration file:

/usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=yourdomain.com

Then check apache for problems:

service httpd configtest

If no problems, restart apache:

service httpd restart
 
Hay Cranky, you are still awake!

I commend your community spirit, but have some sleep. There are enough people to keep you busy out here.

Sam
 
You must log in or register to reply here.

Similar threads

K
Issue Cannot add custom folder to the open_basedir PHP option.
Replies
6
Views
326
KevinPrimate
K
N
Question open_basedir issue with borlabs cookie
Replies
3
Views
477
Peter Debik
P
G
Question Enable GIT from SSH (pub+private keys) to multiple users
Replies
0
Views
196
gianni.ravaioli
G
C
Question open_basedir plesk error
Replies
3
Views
760
Peter Debik
P
QWeb Ric
Issue Wrong DKIM signature after migration
Replies
2
Views
119
QWeb Ric
QWeb Ric
Back
Top