Plesk open_basedir and PEAR: the missing step

I hate the Plesk server control panel webapp but our webmaster cooperative still maintains one (but only one) server that uses it. That non-free software means that it’s under our “limited support agreement” which essentially says “you understand that the lack of copyright permissions means this system may break in ways we’re legally forbidden to fix and you have to go beg the copyright holder for help”.

Recently, a site broke because it wanted to use a PEAR module and Plesk’s PHP configuration includes an open_basedir which forbids access to /usr/share/pear – that’s stupid. If someone has enough permission to install dangerous stuff into that folder, they definitely have enough permission to edit the PHP configuration.

The httpd.include file which contains that PHP configuration has a comment at the top that helpfully tells you to create a vhost.conf file alongside it, instead of editing the httpd.include which gets regenerated by Plesk (wiping out any changes at some near-random time in the future). It doesn’t mention that you need to run /usr/local/psa/admin/sbin/websrvmng -u --vhost-name=your.domain after creating it, else no amount of reloading the Apache httpd configuration will make it use the new file. I found the idea from this blog post and then read the --help output to pick the best options for me. It’s not obvious on SWSoft’s Plesk help, which is also stupid.
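
The procedure above as a script, added here as an example and not taken from the post or from Plesk: it writes a vhost.conf that extends open_basedir with only the directories you name, then runs the websrvmng command quoted above. The <Directory> wrapper, the docroot:/tmp default and the function names are assumptions; copy the real docroot and existing open_basedir value from your generated httpd.include.

```shell
#!/bin/sh
# Added example. The websrvmng path and flags are the ones quoted in the post;
# the <Directory> wrapper and the docroot:/tmp default are assumptions
# (mod_php loaded, per-directory override), so check your own httpd.include.
WEBSRVMNG=${WEBSRVMNG:-/usr/local/psa/admin/sbin/websrvmng}

# Print a vhost.conf body: docroot, /tmp, then each extra allowed directory.
# Extra paths must be absolute and must not widen the allow-list by accident.
render_vhost_conf() {
    docroot=$1; shift
    basedir="$docroot:/tmp"
    for extra in "$@"; do
        case $extra in
            /|*:*|*..*|*\"*) echo "refusing unsafe path: $extra" >&2; return 1 ;;
            /*) basedir="$basedir:$extra" ;;
            *)  echo "refusing relative path: $extra" >&2; return 1 ;;
        esac
    done
    printf '<Directory "%s">\n' "$docroot"
    printf '    php_admin_value open_basedir "%s"\n' "$basedir"
    printf '</Directory>\n'
}

# Write <confdir>/vhost.conf, then run websrvmng so Apache picks the file up
# (the step the post says the httpd.include comment does not mention).
apply_vhost_conf() {
    domain=$1; confdir=$2; docroot=$3; shift 3
    tmp="$confdir/vhost.conf.new"
    render_vhost_conf "$docroot" "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$confdir/vhost.conf"
    if [ -x "$WEBSRVMNG" ]; then
        "$WEBSRVMNG" -u --vhost-name="$domain"
    else
        echo "now run: $WEBSRVMNG -u --vhost-name=$domain" >&2
        return 2
    fi
}

# Usage: sh this-script your.domain /path/to/conf /path/to/httpdocs /usr/share/pear
if [ "$#" -ge 3 ]; then apply_vhost_conf "$@"; fi
```

Return code 2 means the file was written but websrvmng was not found, so the new vhost.conf is not yet in use.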

Finally, you can’t edit the httpd.include template (to mention the websrvmng command to future sysadmins, or to change the open_basedir across all sites) because it is a string inside websrvmng and not a template file – very very stupid.

I didn’t find the source code for websrvmng and I doubt we have permission to modify it, so I guess this is another thing we can’t fix in a reasonable way, like the limited support agreement says. I could recompile PHP to ignore those open_basedir settings or add /usr/share/pear to it, but that’s one hell of a work-around. It seems like having non-free software (like Plesk) rewrite the configuration files of free software (like PHP) is a good way to cripple the free software.

One day I want us to be like Bristol Wireless and have a policy of refusing to deal with such non-free-software systems, but that’s a decision I’ve never won in any organisation I’ve joined yet.
