When you share a single physical server between many users, you consider all security aspects thoroughly. Although Plesk provides an acceptable security level, there are suggested ways to improve it. This chapter provides instructions on protecting Plesk server and hosted domains from unauthorized access.
If you offer shared hosting services, one of the most important security aspects is site isolation. This means that users must not be able to access other users’ files and databases.
Customers’ files are usually located in separate directories owned by
the corresponding system users, so other customers cannot access them by
SSH or FTP. The main issue with site isolation is that the server
sometimes executes all scripts of the same type (for example, Perl
scripts) on behalf of the same system user. This means, for example,
that if a customer’s Perl script creates a file in the
directory, another customer’s Perl script can access this file because
the system executes both script on behalf of the same user.
For PHP scripts, you can solve the site isolation problem by running PHP
as a FastCGI or CGI application. In this case, the system executes each
user’s PHP scripts on behalf of the corresponding system user and thus
isolates scripts owned by different users. In turn, if Plesk runs PHP as
an Apache module, all PHP scripts are executed on behalf of the
apache user. This weakens the site isolation.
Some other scripts, such as those written in Perl and Python, are always executed by Plesk on behalf of the same system user. So, in order to provide the best site isolation, you should either prohibit their execution on the server or manually configure the system to execute them securely. Refer to the corresponding documentation for instructions on configuring secure execution of such scripts.
By default, no server-wide site isolation settings are applied: for each subscription, its site isolation settings are defined by its service plan (if the subscription is synced with it) or its own settings (if the subscription is customized and locked).
Note: Customers can change their site isolation settings only if they have the permission Hosting Settings Management.
To define the server-wide site isolation settings:
Open for editing the file
/usr/local/psafor RPM-based systems and
/opt/psaon DEB-based systems.
This configuration file specifies the list of allowed values for hosting settings:
[hosting] ;php = on ;php_handler_type = fastcgi ;python = off ;perl = off ;fastcgi = any ;ssi = any ;ssl = on ;shell = /usr/local/psa/bin/chrootsh ;php_safe_mode = on
By default, all lines are commented out with semicolons (;), so no server-wide settings apply.
To define a server-wide setting, uncomment the corresponding line by removing the semicolon (;) and edit the line. For example, to prohibit executing Perl scripts on your server, remove the semicolon from the line
;perl = off.
You can set the following values for the settings:
offfor scripting options.
- A line from
anyfor any option if the option value is not restricted.
In addition, there are the following restrictions on the use of these values:
php_safe_modemust be set to
php_handler_typemust not be set to
However, you can grant the permission to override the server-wide settings to certain subscriptions or service plans. To do this, select the option Setup of potentially insecure web scripting options that override provider’s policy in the subscription or service plan settings, Permissions tab.
Note: You can grant the permission Setup of potentially insecure web scripting options that override provider’s policy in a plan only after you grant the permission Hosting settings management.