• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

File owner in subscription is unequal to sys user (actual file owner-name is set to a FTP-user name)

Multiserver, v17.5.3


System user according to GUI is ssh_user, however, the file owner according to grep domain.com /etc/passwd | head -1

is different: "ftp_user1" (ftp_user1:x:10009:1003::/var/www/vhosts/domain.com/httpdocs/foldera/folderb:/bin/false)




# plesk db
mysql> select * from sys_users where home like '/var/www/vhosts/domain.com%';
+----+---------------+----------------+------------+-------------------------------------------------------------+-----------------------+-------+-----------+
| id | serviceNodeId | login | account_id | home | shell | quota | mapped_to |
+----+---------------+----------------+------------+-------------------------------------------------------------+-----------------------+-------+-----------+
| 12 | 1 | ssh_user | 35 | /var/www/vhosts/domain.com | /opt/psa/bin/chrootsh | 0 | NULL |
| 13 | 1 | ftp_user1 | 38 | /var/www/vhosts/domain.com/httpdocs/foldera/folderb | | 0 | 12 |
| 41 | 1 | ftp_user2 | 102 | /var/www/vhosts/domain.com | | 0 | 12 |
+----+---------------+----------------+------------+-------------------------------------------------------------+-----------------------+-------+-----------+
3 rows in set (0.00 sec)



This can be seen when listing the subscription's webroot too:


root@webserverXYZ /var/www/vhosts/domain.com # ls -l
total 9568
drwxr-xr-x 2 root root 4096 Jul 23 18:54 bin
drwxr-xr-x 2 root root 4096 Mar 19 13:07 dev
drwxr-xr-x 2 ftp_user1 psacln 4096 Oct 16 2017 error_docs
drwxr-xr-x 4 root root 4096 Jul 23 18:54 etc
drwxr-xr-x 2 ftp_user1 psacln 4096 Jul 23 18:25 git
drwxr-x--- 20 ftp_user1 psaserv 4096 Jul 22 10:55 httpdocs
drwxr-xr-x 4 root root 4096 Jul 23 18:54 lib
drwxr-xr-x 2 root root 4096 Mar 19 13:07 lib64
drwx------ 2 ftp_user1 root 4096 Jul 23 06:31 logs
drwxr-xr-x 2 root root 4096 Mar 19 13:07 sbin
drwxrwxrwt 2 root root 4096 Nov 26 2018 tmp
drwxr-xr-x 2 root root 4096 Nov 29 2017 tsung
drwxr-xr-x 6 root root 4096 Mar 19 13:07 usr
drwxr-xr-x 3 root root 4096 Mar 19 13:07 var



Shell login however is possible for user "ssh_user", which, for some reason then sees it self as file owner:

Using username "ssh_user".
Authenticating with public key "example.com-rsa-key-20180620"
Passphrase for key "example.com-rsa-key-20180620":
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.8.0-45-generic x86_64)

Last login: Mon May 20 10:21:41 2019 from 1.2.3.4
bash-4.3$ ls -l
total 9568
drwxr-xr-x 2 root root 4096 Jul 23 16:54 bin
drwxr-xr-x 2 root root 4096 Mar 19 12:07 dev
drwxr-xr-x 2 ssh_user psacln 4096 Oct 16 2017 error_docs
drwxr-xr-x 4 root root 4096 Jul 23 16:54 etc
drwxr-xr-x 2 ssh_user psacln 4096 Jul 23 16:25 git
drwxr-x--- 20 ssh_user psaserv 4096 Jul 22 08:55 httpdocs
drwxr-xr-x 4 root root 4096 Jul 23 16:54 lib
drwxr-xr-x 2 root root 4096 Mar 19 12:07 lib64
drwx------ 2 ssh_user root 4096 Jul 23 04:31 logs
drwxr-xr-x 2 root root 4096 Mar 19 12:07 sbin
drwxrwxrwt 2 root root 4096 Nov 26 2018 tmp
drwxr-xr-x 2 root root 4096 Nov 29 2017 tsung
drwxr-xr-x 6 root root 4096 Mar 19 12:07 usr
drwxr-xr-x 3 root root 4096 Mar 19 12:07 var
bash-4.3$



-----------


This at least is strange, but it wasn't an issue so far. However, now we'd tried to set up Git within Plesk GUI for this subscription, which now gives us the following error:


Cloning Git repository reponame.git...
  • Cloning into bare repository '/var/www/vhosts/domain.com/git/reponame.git'...
  • Public key for the server at 'bitbucket.org' is already known in '/var/www/vhosts/domain.com/httpdocs/foldera/folderb/.ssh/git_known_hosts'.
  • Warning: Permanently added the RSA host key for IP address 'x.y.z' to the list of known hosts.
  • Permission denied (publickey).
  • fatal: Could not read from remote repository.
  • Please make sure you have the correct access rights
  • and the repository exists.


Long story short, what options do I have to correct the file ownership without breaking this subscription completely? If it wasn't about a huge webshop with about 200GB of files I wouldn't care about removing the subscription and recreating it, however, this will lead to a long downtime while moving the files around which I currently can not afford (in case this would even make sense, since I can reproduce this file-ownership issue in every subscription that has additional FTP users set up).

I've already deleted the ftp users (ftp_user1 and ftp_user2), ran a plesk repair fs - which only told one warning saying that files do have strange permission/ownership settings (well, I can confirm that one ;)) and saving the sys user with a new name from GUI.

chown'ing (i.e. chown ssh_user:psaserv /var/www/vhosts/domain.com/httpdocs) is executing without errors (where else using an incorrect username would lead to something like chown: invalid user: ‘sdfgdfgdfdsf’), but the the files owner remains unchanged.


NOTE:
Also, I've just figured, that I now can NOT recreate the FTP user (ftp_user1) since GUI tells me, that the user already exists. ftp_user2 was possible to be created with the same name again. In addition there is even a third FTP user, this one however is not listed under sys_users.
BTW, processes of this subscription are owned by ftp_user1 too!
 
Last edited:
The "strange" user behaviour can be explained this way: Both users (ftp_user and ssh_user) share the same UID. This needs to be done this way as on a Unix-like system each file or directory can only be owned by one single UID.
Check your /etc/passwd, both users probably have the same UID.

So that's nothing strange there.

Regarding your git error: I might be wrong but it could be a similar case such as this: Unable to pull updates from Git repository: Permission denied: Could not read from remote repository
 
Monty, thank you - actually looking into /etc/passwd didn't dawn on me...

However, I think the more easy workaround to fix this issue is to manually move the line holding the ssh-username for a certain subscription somewhere before all the other ftp users of the same subscription inside that file.
This procedure fixed both, the "wrongly" displayed name in terms of file ownership and the git-integration.

About the stuck FTP user ("ftp_user1"): I've checked whether there are any relations left onto that user (Resolved - FTP: User account already exists. was quite nice on that topic) and removed it from sys_users and /etc/passwd. After trying to recreate the user now again, it was working.
 
Back
Top