Ok this has become a MAJOR issue now, I've got folks wandering all over the file system with fileman from www.gossamer-threads.com because CGI doesn't run chrooted.

This is a HUGE security hole and if I can't get it fixed I'll have to switch to a new CP as people wandering all over the file system is unacceptable.

Need some way to chroot the cgi scripts into the home directory so it can't get out.

I fixed this on my Ensim server last night but havent' found a solution for Plesk yet. Maybe the solution is Ensim?

How did you fix this on Ensim?

http://forum.rackshack.net/showthread.php?threadid=6024

What that thread says do, I did, downloded their suexec.

Only "gotcha" e sure suexec is own root:apache or nothing works

replace existing /usr/sbin/suexec with this one in the thread, mark it with the proper owner, and proper chmod and that's that.

Be aware anyone using real paths will have to modify their scripts to use the chrooted path now.

This worked like a champ, we reinstalled fileman as a test and couldn't get ut of the user's chroot'd home.

We also edited the existing config files for other fileman installs and they began working again and were just fine too.

It's been a long time since I used plesk. But I thought that it was using suexec back then.

Although the directory permissions were kind of screwy.

Have you posted in the plesk forums?

Yeah I posted there first and after no answer in a day I post here :)