WINDOWS TEMP issue after update 10.4

[JhonJ]

Parallels Plesk 10.4 for Windows
Windows 2008 RD x64

Issue: PhP Temporal directory permissions

Cause: Update Plesk 10.4
Diagnosis: Cannot upload files due TEMP folder do not allow open files or read files.

Hello, after last update all websites has loss the right to save temporal files in the TEMP folder in my case.

C:\Windows\Temp
Also I have try create a new folder: C:\Temp and give all permissions and inherent permissions but don't works neither.

Before the update all website has the access to upload files normally but after the update all uploads has been just stop I were checking since permissions to libraries also scripts but just nothing works.

Please I need help about this issue.

Thank you.

 

[IgorG]

Any error messages, logs?

 

[JhonJ]

Hello Igor

I have found that part of the issue is:

Old accounts already in the panel do not have issues but if you made any change or update immediately the panel create a custom php config.

In this case now the open_basedir is in the domain root and not where it suppose to be in this case C:\Windows\Temp please can you explain or write a new KB about this new feature and how to setup in this case the open_basedir from the panel to read the default temp folder C:\Windows\Temp

Thank you.

 

[IsaacA]

I am having the same issue.

I set Everyone with Full access on both Windows\Temp (which is set in the php.ini as the temp upload directory) and as well set full access to Everyone on the directory in which the script resides. I know this is bad protocol but nothing seemed to be working so this was for testing purposes only.

The main concern is that this script is used on dozens of client's websites and WAS WORKING. None of them work now.

Please advise with a fix.

Plesk 10.4.4 - Windows Server 2008 R2 x64

--Update even the Joomla installs can't upload any more

 

[JhonJ]

Hello Issaac

I have found part of the issue is the new configuration for the custom PHP settings per subscription, witch by the way is just awesome! good job guys, but please Igor if can you made any KB to know how to configure this settings, please!

Basics this is the situation, your new domain ate looking at the custom Open Basedir I try do all as I can to made it works but no luck.

 

[DaymonC]

We've got another thread topic where we are discussing the same similar issues with no help. http://forum.parallels.com/showthread.php?p=616323#post616323

 

[IsaacA]

This has negatively affected over 30 of my clients and I now have no answer for them! I have built CMS solutions for them and now I have to manually make changes because they are unable to upload.

Parallels please respond to this issue in a professional and informative manner.

 

[sukrusaglam]

i solved

i solved this problem

http://forum.parallels.com/showpost.php?p=616602&postcount=22

 

[JhonJ]

It does not fix the issue with the OPEN base dir.

The error still is there just let the issue pass thru but I have seen the server logs and it is creating a mess on windows.

 

[ThorstenD]

I've solved this issue with two possible methods for my Plesk installation using PHP 5.2.x... maybe more workarounds than real solutions..

Maybe a little foreword first:
the first solution is from my point of view not a really good one because it gives modify permissions into a folder within the system directories. To be honestly, to use C:\Windows\Temp folder to save temporary (upload) files from any web connections is a bad idea, even if everything is hardened.. One should strictly isolate all the web directories from the system directories. I always use three different partitions on physically separated drives on my web server. The first, the system partition (and hdd's) is strictly for the Windows installation and any other Windows related data.
The second partition (and hdd's) is strictly for program files (like the Plesk installation), and the third partition (and hdd's) is strictly for the domains web-contents...

I'm not a specialist in security hardening, i can just give you a hint from my experiences and from what was working for my installation.

1.)
I've created a new local security group (let's call it "web_anon_auth_php" and added all the "IUSR_<client_account>" (which are used in my case for web anonymous authentications) for all the web-domains which should have the possibility to upload files via PHP. Then I've changed the NTFS permissions on my C:\Windows\Temp folder and added the new created local security group. (one could also use the already existing security group "psacln" which already contains all the anonymous authentication users plus the client-accounts. However i gave the new created group change permissions to the whole Windows\Temp folder.
As the next step I've changed the "upload_tmp_dir" and "session.save_path" = "C:\Windows\Temp" in my php.ini.
As the last step i went into every domain's "Website Scripting and Security" section within the Plesk CP and there in the section "PHP Settings" I've entered the custom value for "open_basedir" by adding the C:\Windows\Temp folder. So at the end this line looks like this: {DOCROOT}\;C:\Windows\Temp
And of course the safe_mode was set to Off.
I've done this for every domain needed and it worked perfect and my PHP sites/scripts could successfully upload again...

2.) in my eyes the better method.
In every domain's root directory (httpdocs) I've created a new folder "tmp". I've changed the NTFS permissions for this folder and added for each domain the "IUSR_<client_account>" from the same domain and gave him modify rights.
Then i went into each domain's Website Scripting and Security" section within the Plesk CP and there in the section "PHP Settings" I've entered the custom value for "session.save_path" and added the relative path from the tmp directory (in my case "E:\Web\vhosts\mydomain.com\httpdocs\tmp" (maybe it also works or would be even better to only use "/tmp").
Next I've entered under "Addiotional configuration directives" the value: "upload_tmp_dir= "E:\Web\vhosts\mydomain.com\httpdocs\tmp" and again safe_mode = Off.
I had to restart my Plesk and IIS Services but then it also worked fine for me.

Maybe it helps for you, too...

Regards