• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Very annoying and repeatable Plesk suexec issue

N

net24

Guest
Running Plesk 8.1.0 on FreeBSD 6.2.

Have configured php to run under Plesk suexec fcgid mode.
Almost everything works - yaay!

Only problem is that when the move_uploaded file function is used (a LOT of php scripts use this) permissions on the uploaded file are set to Unix 600. The php copy function seems to work.

I wondered if this was a php version issue (5.2.0) but recently I installed Ruby on rails under plesk and lo and behold I've found the same issue. :-(

This issue is repeatable regardless of default umask permissions, directory permissions or changing umask within the fcgid wrapper scripts.

So...anyone out there know why Plesk's suexec seems to be forcing scripts to create files with 600 permissions?

Better yet, anyone know how to get around this?
If the standard Apache suexec was being used I could set it in the configure script but there is no such customisation for Plesk's suexec. :-(

I'm not to keen too change the default umask that Apache runs under as I suspect that this will not work due to the customised suexec (which I suspect sets a umask all of it's own for the apps it runs).

Any other ideas? Anyone from Plesk whoc give me further info?
(I'm going to raise a job about this shortly but thought I'd ask the community first).
 
I would love a solution to this as well.

We have clients using Joomla ect, and whenever they install addons/components via the web install its screws around with permissions and we get tickets to fix it manually.
 
I have similar problem and just started to use plesk. First I thought that the problem was because of proftpd settings but it seems not (I dont know whether plesk can be setup ldap-proftp).
I would love a solution to this as well.

We have clients using Joomla ect, and whenever they install addons/components via the web install its screws around with permissions and we get tickets to fix it manually.
 
Why not use mod_suPHP? This will fix this problems. See in my signature on HOW-TO how to setup.
 
I have installed mod_suPHP, but I am STILL experiencing the issue where PHP scripts create new files with 600 permissions. I have even configured Joomla so that new files that are created are created with 644 permissions (which works properly if uploaded by Joomla Media Manager or FTP); however it seems that PHP scripts that run that create files are created with only 600 permissions.

Any ideas?
 
check mod_suphp settings. it should work fine. it is working fine in all of our servers.
 
Could you please be a little more specific about which "mod_suPHP" settings I am supposed to check? I already created my vhost.conf file according to your "How-To" specifications.
 
In /etc/suphp.conf you will find a "umask" setting.

You want to set this to 0022 so that when php scripts create files they are created with 755 permissions which allows suphp to write to them and the ftp user as well, and t his will also allow apache to read them. You can even try 0027 so that files are created with 750 permissions but you will have to check if apache is part of the psacln group.

oh, dont make the mistake of setting this to 022 because then for some reason it doesn't work at all and will fall back to the default of 0077 which you do not want.

I suggest not to set this to 0000 because then you need to change the following to true which can be a security risk which the default mod_php suffer from anyway.

allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
 
:) yep, already WaDavid ansered.
Also if you have problems, still you can play with
Security options allow_file_group_writeable=false allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false; But I suggest to leave it as it is.
 
WaDavid - Thank you, Thank you! Changing the "unmask" setting to 0022 worked perfectly.

lvalics - You might want to add that little bit of info to your "How To: Setup a new box with PLESK" cheatsheet. There are numerous postings where people are having this problem. Most replies suggest that you edit the PHP script that is causing the "problem" and add a line to CHMOD the files with the proper permissions. This is obviously NOT what the average user is capable of doing!
 
I will modify the How-TO I missed to add this unmask settings change, my mistake.
 
Why not use mod_suPHP? This will fix this problems. See in my signature on HOW-TO how to setup.

Because, by using suexec with fastcgi, we have a smaller memory footprint, the ability to have individual php.inis for all of our domains, etc. to name just two of the many benefits.
 
Our servers now have php via both mod_suphp and fastcgi and both support seperate php.ini.

In fact we have a script that automatically fire up whenever a domain gets created to automatically add a suphp.conf and load it via vhost.conf for that domain which set all these settings.
 
Can the skeleton do something like this:

f.write("suPHP_UserGroup " + sysuser + " psacln\n")

The above is the reason why we use a script because the suphp from rpmforge needs that setting to work. I am aware that one can compile suphp yourself and have it not needing that but I believe the above is more secure and is also the way suexec works if you look at the httpd.include that plesk generate for each domain.
 
Sorry to be a little ignorant about this, but I guess I'm a little confused when WaDavid mentioned that his servers "now have php via both mod_suphp and fastcgi". Can you clarify what this means?

I have mod_suphp installed on my server and have configured it for a specific vhost. I also have clicked on the "FastCGI" button in Plesk setup. When looking at the results from phpinfo I see that "Server API = CGI/FastCGI". So am I using FastCGI on "top" of mod_suphp? My understanding is that FastCGI helps to speed up the processing of PHP scripts.
 
if you use mod_suphp it will report that php is running in cgi mode. This also happens when you run php via fastcgi.

Essentially we wrote a php addon script of php which we add as an icon for clients so that they can change it. The default is now that a new domain gets set up with suphp. If a client lets say want php4 instead of 5 it get set up as php4 via fast cgi overwriting the php5 mod_suphp settings. We also have php5 via fast cgi and we usually will put a newer version on first via this and then later force mod_suphp to use the latest version.

It all depends on how you handle the vhost.conf file, via this you can have domains on different versions of php and even all via mod_suphp if you really want.
 
hello all

I think this is a related issue. I'm using plesk 8.6.0 and when I add a new domain I want the permissions on the httpdocs directory to be set to 775 - is this easy enough? The reason for this is because I need php files in

domain1/httpdocs/script.php

tp be able to write to

domain2/httpdocs/

If there is a better way than changing the default permissions I would be interested to hear it, but right now I just need some sort a solution.

thanks in advance
 
Back
Top