Christoph Farnleitner
New Pleskian
Multiserver, v17.5.3
System user according to GUI is ssh_user, however, the file owner according to grep domain.com /etc/passwd | head -1
is different: "ftp_user1" (ftp_user1:x:10009:1003::/var/www/vhosts/domain.com/httpdocs/foldera/folderb:/bin/false)
# plesk db
mysql> select * from sys_users where home like '/var/www/vhosts/domain.com%';
+----+---------------+----------------+------------+-------------------------------------------------------------+-----------------------+-------+-----------+
| id | serviceNodeId | login | account_id | home | shell | quota | mapped_to |
+----+---------------+----------------+------------+-------------------------------------------------------------+-----------------------+-------+-----------+
| 12 | 1 | ssh_user | 35 | /var/www/vhosts/domain.com | /opt/psa/bin/chrootsh | 0 | NULL |
| 13 | 1 | ftp_user1 | 38 | /var/www/vhosts/domain.com/httpdocs/foldera/folderb | | 0 | 12 |
| 41 | 1 | ftp_user2 | 102 | /var/www/vhosts/domain.com | | 0 | 12 |
+----+---------------+----------------+------------+-------------------------------------------------------------+-----------------------+-------+-----------+
3 rows in set (0.00 sec)
This can be seen when listing the subscription's webroot too:
root@webserverXYZ /var/www/vhosts/domain.com # ls -l
total 9568
drwxr-xr-x 2 root root 4096 Jul 23 18:54 bin
drwxr-xr-x 2 root root 4096 Mar 19 13:07 dev
drwxr-xr-x 2 ftp_user1 psacln 4096 Oct 16 2017 error_docs
drwxr-xr-x 4 root root 4096 Jul 23 18:54 etc
drwxr-xr-x 2 ftp_user1 psacln 4096 Jul 23 18:25 git
drwxr-x--- 20 ftp_user1 psaserv 4096 Jul 22 10:55 httpdocs
drwxr-xr-x 4 root root 4096 Jul 23 18:54 lib
drwxr-xr-x 2 root root 4096 Mar 19 13:07 lib64
drwx------ 2 ftp_user1 root 4096 Jul 23 06:31 logs
drwxr-xr-x 2 root root 4096 Mar 19 13:07 sbin
drwxrwxrwt 2 root root 4096 Nov 26 2018 tmp
drwxr-xr-x 2 root root 4096 Nov 29 2017 tsung
drwxr-xr-x 6 root root 4096 Mar 19 13:07 usr
drwxr-xr-x 3 root root 4096 Mar 19 13:07 var
Shell login however is possible for user "ssh_user", which, for some reason then sees it self as file owner:
Using username "ssh_user".
Authenticating with public key "example.com-rsa-key-20180620"
Passphrase for key "example.com-rsa-key-20180620":
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.8.0-45-generic x86_64)
Last login: Mon May 20 10:21:41 2019 from 1.2.3.4
bash-4.3$ ls -l
total 9568
drwxr-xr-x 2 root root 4096 Jul 23 16:54 bin
drwxr-xr-x 2 root root 4096 Mar 19 12:07 dev
drwxr-xr-x 2 ssh_user psacln 4096 Oct 16 2017 error_docs
drwxr-xr-x 4 root root 4096 Jul 23 16:54 etc
drwxr-xr-x 2 ssh_user psacln 4096 Jul 23 16:25 git
drwxr-x--- 20 ssh_user psaserv 4096 Jul 22 08:55 httpdocs
drwxr-xr-x 4 root root 4096 Jul 23 16:54 lib
drwxr-xr-x 2 root root 4096 Mar 19 12:07 lib64
drwx------ 2 ssh_user root 4096 Jul 23 04:31 logs
drwxr-xr-x 2 root root 4096 Mar 19 12:07 sbin
drwxrwxrwt 2 root root 4096 Nov 26 2018 tmp
drwxr-xr-x 2 root root 4096 Nov 29 2017 tsung
drwxr-xr-x 6 root root 4096 Mar 19 12:07 usr
drwxr-xr-x 3 root root 4096 Mar 19 12:07 var
bash-4.3$
-----------
This at least is strange, but it wasn't an issue so far. However, now we'd tried to set up Git within Plesk GUI for this subscription, which now gives us the following error:
Cloning Git repository reponame.git...
Long story short, what options do I have to correct the file ownership without breaking this subscription completely? If it wasn't about a huge webshop with about 200GB of files I wouldn't care about removing the subscription and recreating it, however, this will lead to a long downtime while moving the files around which I currently can not afford (in case this would even make sense, since I can reproduce this file-ownership issue in every subscription that has additional FTP users set up).
I've already deleted the ftp users (ftp_user1 and ftp_user2), ran a plesk repair fs - which only told one warning saying that files do have strange permission/ownership settings (well, I can confirm that one ) and saving the sys user with a new name from GUI.
chown'ing (i.e. chown ssh_usersaserv /var/www/vhosts/domain.com/httpdocs) is executing without errors (where else using an incorrect username would lead to something like chown: invalid user: ‘sdfgdfgdfdsf’), but the the files owner remains unchanged.
NOTE:
Also, I've just figured, that I now can NOT recreate the FTP user (ftp_user1) since GUI tells me, that the user already exists. ftp_user2 was possible to be created with the same name again. In addition there is even a third FTP user, this one however is not listed under sys_users.
BTW, processes of this subscription are owned by ftp_user1 too!
System user according to GUI is ssh_user, however, the file owner according to grep domain.com /etc/passwd | head -1
is different: "ftp_user1" (ftp_user1:x:10009:1003::/var/www/vhosts/domain.com/httpdocs/foldera/folderb:/bin/false)
# plesk db
mysql> select * from sys_users where home like '/var/www/vhosts/domain.com%';
+----+---------------+----------------+------------+-------------------------------------------------------------+-----------------------+-------+-----------+
| id | serviceNodeId | login | account_id | home | shell | quota | mapped_to |
+----+---------------+----------------+------------+-------------------------------------------------------------+-----------------------+-------+-----------+
| 12 | 1 | ssh_user | 35 | /var/www/vhosts/domain.com | /opt/psa/bin/chrootsh | 0 | NULL |
| 13 | 1 | ftp_user1 | 38 | /var/www/vhosts/domain.com/httpdocs/foldera/folderb | | 0 | 12 |
| 41 | 1 | ftp_user2 | 102 | /var/www/vhosts/domain.com | | 0 | 12 |
+----+---------------+----------------+------------+-------------------------------------------------------------+-----------------------+-------+-----------+
3 rows in set (0.00 sec)
This can be seen when listing the subscription's webroot too:
root@webserverXYZ /var/www/vhosts/domain.com # ls -l
total 9568
drwxr-xr-x 2 root root 4096 Jul 23 18:54 bin
drwxr-xr-x 2 root root 4096 Mar 19 13:07 dev
drwxr-xr-x 2 ftp_user1 psacln 4096 Oct 16 2017 error_docs
drwxr-xr-x 4 root root 4096 Jul 23 18:54 etc
drwxr-xr-x 2 ftp_user1 psacln 4096 Jul 23 18:25 git
drwxr-x--- 20 ftp_user1 psaserv 4096 Jul 22 10:55 httpdocs
drwxr-xr-x 4 root root 4096 Jul 23 18:54 lib
drwxr-xr-x 2 root root 4096 Mar 19 13:07 lib64
drwx------ 2 ftp_user1 root 4096 Jul 23 06:31 logs
drwxr-xr-x 2 root root 4096 Mar 19 13:07 sbin
drwxrwxrwt 2 root root 4096 Nov 26 2018 tmp
drwxr-xr-x 2 root root 4096 Nov 29 2017 tsung
drwxr-xr-x 6 root root 4096 Mar 19 13:07 usr
drwxr-xr-x 3 root root 4096 Mar 19 13:07 var
Shell login however is possible for user "ssh_user", which, for some reason then sees it self as file owner:
Using username "ssh_user".
Authenticating with public key "example.com-rsa-key-20180620"
Passphrase for key "example.com-rsa-key-20180620":
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.8.0-45-generic x86_64)
Last login: Mon May 20 10:21:41 2019 from 1.2.3.4
bash-4.3$ ls -l
total 9568
drwxr-xr-x 2 root root 4096 Jul 23 16:54 bin
drwxr-xr-x 2 root root 4096 Mar 19 12:07 dev
drwxr-xr-x 2 ssh_user psacln 4096 Oct 16 2017 error_docs
drwxr-xr-x 4 root root 4096 Jul 23 16:54 etc
drwxr-xr-x 2 ssh_user psacln 4096 Jul 23 16:25 git
drwxr-x--- 20 ssh_user psaserv 4096 Jul 22 08:55 httpdocs
drwxr-xr-x 4 root root 4096 Jul 23 16:54 lib
drwxr-xr-x 2 root root 4096 Mar 19 12:07 lib64
drwx------ 2 ssh_user root 4096 Jul 23 04:31 logs
drwxr-xr-x 2 root root 4096 Mar 19 12:07 sbin
drwxrwxrwt 2 root root 4096 Nov 26 2018 tmp
drwxr-xr-x 2 root root 4096 Nov 29 2017 tsung
drwxr-xr-x 6 root root 4096 Mar 19 12:07 usr
drwxr-xr-x 3 root root 4096 Mar 19 12:07 var
bash-4.3$
-----------
This at least is strange, but it wasn't an issue so far. However, now we'd tried to set up Git within Plesk GUI for this subscription, which now gives us the following error:
Cloning Git repository reponame.git...
- Cloning into bare repository '/var/www/vhosts/domain.com/git/reponame.git'...
- Public key for the server at 'bitbucket.org' is already known in '/var/www/vhosts/domain.com/httpdocs/foldera/folderb/.ssh/git_known_hosts'.
- Warning: Permanently added the RSA host key for IP address 'x.y.z' to the list of known hosts.
- Permission denied (publickey).
- fatal: Could not read from remote repository.
- Please make sure you have the correct access rights
- and the repository exists.
Long story short, what options do I have to correct the file ownership without breaking this subscription completely? If it wasn't about a huge webshop with about 200GB of files I wouldn't care about removing the subscription and recreating it, however, this will lead to a long downtime while moving the files around which I currently can not afford (in case this would even make sense, since I can reproduce this file-ownership issue in every subscription that has additional FTP users set up).
I've already deleted the ftp users (ftp_user1 and ftp_user2), ran a plesk repair fs - which only told one warning saying that files do have strange permission/ownership settings (well, I can confirm that one ) and saving the sys user with a new name from GUI.
chown'ing (i.e. chown ssh_usersaserv /var/www/vhosts/domain.com/httpdocs) is executing without errors (where else using an incorrect username would lead to something like chown: invalid user: ‘sdfgdfgdfdsf’), but the the files owner remains unchanged.
NOTE:
Also, I've just figured, that I now can NOT recreate the FTP user (ftp_user1) since GUI tells me, that the user already exists. ftp_user2 was possible to be created with the same name again. In addition there is even a third FTP user, this one however is not listed under sys_users.
BTW, processes of this subscription are owned by ftp_user1 too!
Last edited: