Wtf ?
I have been waiting for over a year to get mod_ruid2 to plesk 12.5, at one point somewhere was promised that will include it.
So now i was in position to upgrade one panel, i'm trying to switch some sites to ruid2, and doesn't work. What? I'm going to check changelog, and i see in the end wasn't included in 12.5 .
Well, cool, then lets do php-fpm. I'm trying to enable the handler, and i see that exists for Nginx only? Wtf? Why the hell was Apache left out ?

Whow, another great example of how Parallels doesn't (want to?) understand security, nor the questions asked. So to be direct, how does this allow us to set permissions to -rwX------?

Exactly, it doesn't. With regards to the question it adds 0, nothing, nada. It hardly adds anything over PHP as FastCGI either, besides running under nginx instead of apache.

Is the question not understood or do you simply don't care about security whatsoever? After many years I have the impression it's both. Wish isn't an all to best impression to be honest.

We're building our standard hosting platforms with mod_itk with cloudlinux, but the customization is bit painful so yeah, having it as an option would be great!

I'm surprised that no-one mentioned that this solution gives you the massive performance bonus APC!

Yes. Please do as soon as can be planned for. I've been running with Plesk on CentOS since Plesk v10 (now up to Plesk 11.5 and CentOS 6) and it has been flawless.

mod_ruid2/mpm-itk actually *ARE* better solutions. I run them at home.

It's simply not possible to explain most end-users that the PHP (and it's config files / includes / etc.) need to be only rw for the webuser itself and don't need other permissions whilst static content like pictures (unless served by a php page) are read by the webserver which runs under another user and then needs read as well.

With mod_ruid/mpm-itk you can simply stop worrying about it. They can just upload everything with 0600 and all is well.

Not to mention we occasionally have very weird issues with php as fastcgi in combination with .htaccess mod rewrite rules. These thrown no errors and are damn near impossible to debug (and not only because plesk executables just exit in debuggers)

There is an implementation for this in Helixdevelopment module already:
http://forum.parallels.com/pda/index.php/t-106297.html

However this should be adopted as an default feature of Plesk.

Also what comes to mpm-itk, much more better in performance terms is to use default mod-prefork with mod_ruid2 module. This gives the great performance of Apache module for PHP but also when it comes to file handling it's done with FTP user instead of shared Apache user (etc. www-data).

On mod_ruid2, running process owner could be easily changed by simply exploit when you have on apache mod_php or mod_python enabled. Better solution will be mpm-itk where that operation isn't possible.

We also run ruid2 on Plesk 11 through the vhost templates. Ran into some problems with .htpasswd files, and possibly File Sharing, but its still a very good option for keeping resource usage down.

I'm using ruid2 already and also set it up as vhost template. With this configuration it works like a charm. This should be default on Plesk! It should be delivered with ruid2 activated and this vhost template.