ServerBuddies Support Blog

Run PHP as user instead of as the web server user nobody.

suPHP is a tool for executing PHP scripts with the permissions of their owners.

It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.

You can run PHP as the user (like CGI scripts do with Apache’s suEXEC), with EasyApache’s PHP As User option. This will enable suPHP, greatly improving the permissions situation.

Vulnerable scripts will be limited to the user in question, and are less likely to affect other users. It also changes how PHP interacts with Apache; for example, directives like php_$value are not valid for mod_suphp.

mod_suphp is considerably slower than mod_php.

PHP runs as part of the web server so that, among other things, certain tasks can be done once and held in memory instead of repeated with each request. This helps to speed the server’s performance, and requires that PHP run as the web server’s user “nobody.”

Since that is the case, PHP and directory permissions generally need to be very loose, so PHP can manipulate things. This can allow any user to employ a PHP script to read and write other users’ data. At times, a flaw in PHP can even allow a PHP script to gain root access or take over data in requests on other users’ PHP scripts.

Reference : http://www.suphp.org/
: http://cpanel.net/

How to enable access from all machines for mysql user.

To create a user who has access from all machines in a given domain (for example, serverbuddies.com), you can use the “%” wildcard character in the host part of the account name:

To do the same thing by modifying the grant tables directly, do this:

Transferring User Accounts, Domain Names and Web Sites to Plesk Panel

You can transfer data (user accounts, settings, Web sites and e-mail) to your Parallels Plesk Panel from other hosting servers managed by earlier versions of Parallels Plesk Panel or other Web hosting software.

Data transfers from Windows-based servers to Linux/Unix-based servers are not supported by the Migration Manager function available from the Parallels Plesk Panel; however, you can transfer data from a Windows-based server to a Linux/Unix-based server by backing up data on a source server and then restoring them on the destination server using the command line backup and restore utilities.

Go to Home > Migration Manager (in the Help & Support group).
To check if there are any updates for Migration Manager components, click Synchronize. These updates may include files of migration agents that enable support for transferring data from hosting platforms other than Parallels Plesk Panel.

Click Start New Migration.
Leave the Transfer data from another server option selected, and specify the following options:

The source server’s address. Specify either the IP address or the host name of the server, from which you want to transfer data.
The login name and password used for logging in to the source server.

Select the type of operating system running on the source host. (This option is available if you are using Parallels Plesk Panel 9 for Windows hosting platform.)
Specify the path to the directory where temporary files will be stored.

Specify whether you want to transfer all data related to user accounts and domains from the source server, or only specific items.

Select the data compression option, if you pay per the amount of transferred data, or if you want to save bandwidth. Data compression saves bandwidth, but consumes more disk space.
Click Next>>. The migration manager will connect to the specified server and gather information about the business objects of the source hosting platform.

If you are transferring data from hosting platforms other than Parallels Plesk Panel, select the version of the migration agent that must be used and then click Next >>. Parallels Plesk Panel automatically selects the appropriate agent version; however, if data transfer fails, you can try selecting another version of migration agent.

Source : parallels.com/Plesk/

Simplifying Setup of User Accounts in Plesk

Before you start signing up new users for your services, you should create account configuration presets, referred to as reseller account templates and client account templates. They will simplify setting up user accounts for new customers. The templates cover all resource usage allotments, permissions and limits that you can define for a user account. There are predefined reseller account and client account templates: You can modify them as required and use them, or you can create your own templates. The default templates cannot be removed.

To create a reseller account template:

1. Go to Resellers > Reseller Account Templates > Create Reseller Account Template.

Click OK to complete creation of a template.

During setup of a new reseller account, you will select the required template and the account will be created and allocated the resources you defined.

To create a client account template:

1. Go to Clients > Client Account Templates > Create Client Account Template.

Click OK to complete creation of a template.

During setup of a new user account, you will select the required template and the account will be created and allocated the resources you defined.

In Usermin’s MySQL Database module, how can I restrict the databases that each user can see and use?

By default the module will list all of the databases on your system on the main page, even if some are not actually usable by the logged-in user. To change this, follow these steps :

Login to Webmin on the same server, and enter the Usermin Configuration module.

Click on Usermin Module Configuration.

Click on MySQL Database in the list.

In the Database access control list field, remove the existing *: * line and enter one line per user, containing the username, a colon and

list of databases he is allowed to use. For example, you could enter :

A * in the database column means all databases, while a * in the username column means any user not listed so far.

Hit the Save button to activate the restrictions.