• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Setting the "server-wide security policy"

PleskWebmaster

New Pleskian
OS: CentOS 6.7 (Final)
Plesk version: 12.0.18 Update #66
Last updated: Sept 28, 2015 05:45 PM

Where exactly do you set the "server-wide security policy" settings?

Cannot load WordPress through Plesk because safe mode is on. Turned off in the Plan, but still it asks (warns) about conflicting with the "server-wide security policy" and contrary to saying it will override those settings, it seems to have no effect after saved - still cannot install WordPress through the Plesk "Applications" interface.

Looked where I thought the most obvious place would be:
Admin user - Tools and Settings - Security - Security Policy
Nothing there except:

(1)
Enhanced security mode (which is on and apparently cannot be turned off from there)

(2) Secure FTP (which has no option to disable both FTP and FTPS)


(3) Password Strength

So where exactly DO you set these server-wide security policy settings?

According to this, one may think the server-wide security policy may refer to the servers primary php.ini file:

69697.gif


But apparently that's not the case since the appropriate settings in my /etc/php.ini are:

; Safe Mode
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode
safe_mode = Off

; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode-gid
safe_mode_gid = Off

; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode-include-dir
safe_mode_include_dir =

; When safe_mode is on, only executables located in the safe_mode_exec_dir
; will be allowed to be executed via the exec family of functions.
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode-exec-dir
safe_mode_exec_dir =

; Setting certain environment variables may be a potential security breach.
; This directive contains a comma-delimited list of prefixes. In Safe Mode,
; the user may only alter environment variables whose names begin with the
; prefixes supplied here. By default, users will only be able to set
; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
; Note: If this directive is empty, PHP will let the user modify ANY
; environment variable!
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode-allowed-env-vars
safe_mode_allowed_env_vars = PHP_

; This directive contains a comma-delimited list of environment variables that
; the end user won't be able to change using putenv(). These variables will be
; protected even if safe_mode_allowed_env_vars is set to allow to change them.
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode-protected-env-vars
safe_mode_protected_env_vars = LD_LIBRARY_PATH
 
Last edited:
Seriously? "Turned off in plan" mean I turned off safe mode in the Service Plan that the Subscription is using. More specifically, under the PHP Settings tab (in the Common Settings section) of the Subscription's Service Plan.

And yes, it also shows that safe mode is off in the PHP settings for that website/domain name under the Websites & Domains tab - which is actually populated by the Service Plan selected for that Subscription, right?


So the question remains, where are the settings for the "server-wide security policy" that Plesk refers to when it blocks the installation of WordPress (and perhaps other apps)?
 
Last edited:
Back
Top