• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question New serviceplan PHP config default values

T

Tozz

Regular Pleskian
I'd like to disable open_basedir completely, on all our servers, from all serviceplans and all subscriptions. Primary reason for this is that open_basedir disable's statcaching, which can have detrimental effects on performance for PHP scripts that open a lot of files.

I have managed to fix almost everything, but I can't find where Plesk gets it's default configuration parameters from when creating a new serviceplan.
When I click on Serviceplans -> Create new Plan -> PHP Settings

The value for open_basedir is {WEBSPACEROOT}{/}{:}{TMP}{/}. Where is that coming from? I've configured open_basedir = none in /etc/php/*/*/php.ini and /opt/plesk/php/*/etc/php.ini.
 
I think it is hard coded. Removing the limit only makes sense if you run a server for yourself only, because otherwise, other people will be able to access all files and directories on the server beyond their own subscription. But if you are the only user, why would you want to split organization of domains up into several subscriptions and not just stick with a single huge subscription?
 
They can't access all files, because PHP is ran either as FastCGI or FPM, and both execute the PHP code as the system user (FTP user). So they can't access other subscription data. I'm not the only user, this is a shared hosting platform.

open_basedir doesn't make much sense anyway. We offer CGI, cronjobs and multiple other features that would allow a malicious user to bypass the open_basedir restriction from PHP.
 
Thank you for the detailed explanation. If this is your way, I respect your decision to configure your system this way. Unfortunately, I don't think there is a solution to the initial question.

For other users who stop by in this thread I would however like to add, that it is most certainly possible to hack a server if subscription accounts are not jailed to their own subscription directories and that this is a configuration not recommended when several users share the same server.
 
You must log in or register to reply here.

Similar threads

E
Issue Urgent :( open_basedir problem
Replies
5
Views
941
manni
M
W
Question Subscription locked except for when limits are reset to default?
Replies
0
Views
481
WeronikaS
W
K
Issue Cannot add custom folder to the open_basedir PHP option.
Replies
6
Views
1K
KevinPrimate
K
M
Resolved How to update default open_basedir for all websites?
Replies
6
Views
3K
Peter Debik
P
N
Question open_basedir issue with borlabs cookie
Replies
3
Views
2K
Peter Debik
P
Back
Top