• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

www-data is not allowed to view other folders than own subdomain directory

H

HennoR

Guest
Hi!

Using Plesk Panel 10.1.1

I created a subdomain inside of my main-domain.
Plesk created /var/www/vhosts/xxx.xx/xxx/ as http-root for this one. (x-chars are placeholders here)
I created a php script inside of this directory. - Site is viewable.
inside of this script i'm using the php function "file_exists();".
if i use "file_exists(/var/www/vhosts/xxx.xx/xxx/);", it works fine.
but if i use "file_exists(/var/www/vhosts/xxx.xx/yyy/);", it returns false!
yyy exists and has the complete same rights like xxx!

so.. why it returns false? what have u done with www-data?
i ever used plesk the correct way, never modified apache config files manually or anything like that.
 
sorry if the post looks rude. just needing help with it. wanna edit a configfile placed in one of the homedirectories by php script.
I think at normal apache installation www-data can do this, so i just wondering why it doesn't work here.
 
how did you run you php in plesk settings. If it's apache module. Set it on fast-cgi. I had also this problem in my websites and joomla has also problems with the apache-php-module. Apache module don't see any /var/xxx/xxx/xx he only see in the site self. Security reasons.

else: check if your site is still in the folder you where you think that it is. Maby the update changed some folder locations.
 
yeah, it runs as apache-module, but...
using antoher module is not really the way i wanna go... it's like absconding.
There must be a way to correct this "security reason" if i don't want it, right?
 
no you can't correct it because it is correct. thats why poeple called fast-cgi and cgi-bin in live. because thats works faster it's saver and you can also use cgi scripts in it. apache module is created for the little scripts like a simple mysql/php login or e-mail script. if you go config all apache te files. you don't fix it. you create a new backdoor for hackers do they can use the use www-data for fun on your server. you can find fore info's and howto's on the apache site's. There do you a faster answer than here i think.
 
You must log in or register to reply here.

Similar threads

Stergios G
Question symbolic link, not working
Replies
7
Views
1K
Raul A.
R
S
Issue Create new subdomain uses wrong directory
Replies
3
Views
498
SiegbertG
S
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
580
Raul A.
R
W
Issue scheduled task ERROR | /opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/wp-toolkit/scripts/instances-auto-update.php'
Replies
3
Views
3K
Wolfgang Reidlinger
W
S
Question Help access subdomain images from primary domain
Replies
3
Views
2K
SkyB
S
Back
Top