• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

www-data is not allowed to view other folders than own subdomain directory

H

HennoR

Guest
Hi!

Using Plesk Panel 10.1.1

I created a subdomain inside of my main-domain.
Plesk created /var/www/vhosts/xxx.xx/xxx/ as http-root for this one. (x-chars are placeholders here)
I created a php script inside of this directory. - Site is viewable.
inside of this script i'm using the php function "file_exists();".
if i use "file_exists(/var/www/vhosts/xxx.xx/xxx/);", it works fine.
but if i use "file_exists(/var/www/vhosts/xxx.xx/yyy/);", it returns false!
yyy exists and has the complete same rights like xxx!

so.. why it returns false? what have u done with www-data?
i ever used plesk the correct way, never modified apache config files manually or anything like that.
 
sorry if the post looks rude. just needing help with it. wanna edit a configfile placed in one of the homedirectories by php script.
I think at normal apache installation www-data can do this, so i just wondering why it doesn't work here.
 
how did you run you php in plesk settings. If it's apache module. Set it on fast-cgi. I had also this problem in my websites and joomla has also problems with the apache-php-module. Apache module don't see any /var/xxx/xxx/xx he only see in the site self. Security reasons.

else: check if your site is still in the folder you where you think that it is. Maby the update changed some folder locations.
 
yeah, it runs as apache-module, but...
using antoher module is not really the way i wanna go... it's like absconding.
There must be a way to correct this "security reason" if i don't want it, right?
 
no you can't correct it because it is correct. thats why poeple called fast-cgi and cgi-bin in live. because thats works faster it's saver and you can also use cgi scripts in it. apache module is created for the little scripts like a simple mysql/php login or e-mail script. if you go config all apache te files. you don't fix it. you create a new backdoor for hackers do they can use the use www-data for fun on your server. you can find fore info's and howto's on the apache site's. There do you a faster answer than here i think.
 
You must log in or register to reply here.

Similar threads

S
Question Help access subdomain images from primary domain
Replies
3
Views
1K
SkyB
S
Y
Resolved LightSpeed - FPM application served by Apache uses wrong PHP Version
Replies
2
Views
1K
yogi70
Y
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
6
Views
3K
WebHostingAce
WebHostingAce
jhernanper
Issue Unable to install SuiteCRM: Symfony Runtime Exception. Tried everything - desperate
Replies
1
Views
3K
Maarten.
M
K
Resolved file_exists(): open_basedir restriction in effect - Obsidian with PHP 8.1
Replies
3
Views
5K
XTech
X
Back
Top