It has been requested enough times, how about delivering!

Yes, this is probably the most important feature that is needed right now.

Of course it will undoubtedly cause problems when it is introduced. A lot of people will have set things up to work with (or around) the Apache ownerships as they are now.

But I think this will be a minor thing compared to the benefits of suPHP.

Of course I don't know the technicalities. Does it require php to be compiled in a certain way? Or Apache? If so then it is probably a nightmare for SWSoft to work around that.

Faris.

Yes it would be nice if they would add this in.

If you want to tighten up your PHP security then take a look at Suhosin.
http://www.hardened-php.net/suhosin/

You can load it via a php .so and its binary compatible so all other loaders will work.

What I really can't wait for is when atomicrocketturtle finishes their new Atomic Secured Linux 2.0 .. it fully integrates with plesk. If you haven't seen it check it out:

http://www.atomicrocketturtle.com/Joomla/content/view/137/34/

It offers among many other features:

*

Stack overflow protection from the PaX project, that addresses exploits in services on the system, such as apache, bind, or secure shell
*

An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration, from the Grsecurity project.
*

Trusted Path Execution, which only allows untrusted users such as apache to execute commands owned by root, thus simply preventing a whole class of exploit techniques used by attackers, or internet worms
*

Users are restricted to only view their processes
*

Application layer firewalling through mod_security, and the industry leading rules created by Atomicorp at gotroot.com, optimized for Plesk Server Administrator environments.
*

Denial of Service protection through mod_evasive

Check out the new screenshots:
http://www.atomicrocketturtle.com/gallery2/main.php?g2_itemId=604

Plesk should really hire atomic back. He's done more for plesk than all the other plesk developers combined!

I mentioned suPHP before, no-one listened then..... with the prices they ask for Plesk, they should include suPHP and more security features.

Why not just install suPHP yourself instead of complaining that it's not included with Plesk? It's a control panel people, it shouldn't have to hold your hand and wake you up in the morning.

~Matt

Originally posted by matt.simpson
Why not just install suPHP yourself instead of complaining that it's not included with Plesk? It's a control panel people, it shouldn't have to hold your hand and wake you up in the morning.

~Matt
Coz when I tried to recompile Apache with suPHP support, it f'ed up..... Not everyone is a Linux buff you know..
By all means give or direct us a step-by-step fool proof guide to install suPHP with Apache.......

Yes, I too would like suphp integration with Plesk.

Just upgraded to 8.2

soooo, if anyone is capable of installing, and setting up to correct the Joomla user issue, please PM me.

Also, if you are capable of integrating spamassassin, I would be interested in that too

Originally posted by matt.simpson
Why not just install suPHP yourself instead of complaining that it's not included with Plesk? It's a control panel people, it shouldn't have to hold your hand and wake you up in the morning.

~Matt

Some of us use Virtuozzo and install packages via Virtuozzo templates for performance reasons.

Originally posted by matt.simpson
Why not just install suPHP yourself instead of complaining that it's not included with Plesk? It's a control panel people, it shouldn't have to hold your hand and wake you up in the morning.


Yeah, RIGHT! And add that **** after your client creates domain in every vhost.conf by hand. What a briliant idea!

suPHP will not fix security problem, we need chroot + suexec (with user and user_www)!

And don't suggest suhosin, since it solves different range of problems....


Hey swsoft, where is update to php-5.2.4???

Install mod_suPHP with YUM or from source and use Power Toys to manage it from PLESK

Joomla guys already love it :-)

You seem to forget that RHEL does not support YUM - and that RHEL is the only commercially supported enterprise level Linux OS.

YUM or from source ... so you can install from any way possible. Then we come with the settings/domain. Hope this help.

up2date on RHEL4 supports yum archives natively, and as of RHEL 5 up2date was discontinued in favor of yum.

SuSE is also a commercially supported enterprise linux, and CentOS is the community supported enterprise OS. It uses the exact same source code as RHEL. The only difference is that the redhat trademarks have been removed. You'll also find that all the 3rd party archive maintainers (myself, dag, axel thimm, dries, karan, and many others) are involved with the CentOS project.

My installer will add yum to a VPS or RHEL4 system if you don't already have it:

wget -q -O - http://www.atomicrocketturtle.com/installers/atomic |sh