• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved New FTP user becomes visual owner of all files of the webspace on Alma 8.x

fabrizioi

Basic Pleskian
Username:

TITLE

New FTP user becomes visual owner of all files of the webspace

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian Version 18.0.51 Update #1
AlmaLinux 8.7 (Stone Smilodon) X64

PROBLEM DESCRIPTION

Dear Plesk Support Team,

As I have posted here:
and as in this discussion

Preamble
I have a lot of Linux Centos with Plesk 18.x without any issues .


I have setup a new WebServer with Plesk and AlmaLinux.
(CentOS unfortunaly he has left us)

Everything work very well except subscriptions where I need to setup additional ftp user (needed to create some little service to specific protected folder)

For example:

subsriptions mydomain.com
subscription owner mydomain.com ( I always use the same for semplicity)

From shell
cd /var/www/vhosts/mydomain.com/httpdocs
ll
.
..
exampledir "owner mydomain.com:psacln"

Go to Plesk Panel, add new Ftp User "subaccount-user"

From Shell

cd /var/www/vhosts/mydomain.com/httpdocs
ll
.
..
exampledir "owner subaccount-user:psacln"

In reality this is not true, but AlmaLinux lie us and himself
For example subaccount-user cannot access the WebSpace if for example try to configure it in a FileZilla Ftp session.

Some user on Forum tell me this is related on the order of user in /etc/passwd

This is not possible.

For example try to configure on the fly a new FileZilla Ftp client session with user mydomain.com.
This user can obviously connect to the subscriptions, he is the owner.
FileZilla report in the remtot screen the correct owner on file and folders.

.
..
exampledir "owner mydomain.com:psacln"

As reported by other user, it seems this bug is specific to AlmaLinux 8.7.
This affect also browsing a folder from Plesk Panel: it report a wrong user owner .

STEPS TO REPRODUCE

  1. Setup a new Almalinux 8.7 WebServer
  2. Setup Plesk Obsidian Version 18.0.51 Update #1
  3. Create a subscription mydomain.com
  4. Add new Ftp User
  5. Check subscription owner from ssh shell

ACTUAL RESULT

Wrong display user owner

EXPECTED RESULT

Correct display user owner

ANY ADDITIONAL INFORMATION

(DID NOT ANSWER QUESTION)

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Hi @fabrizioi , thank you for reporting. Please give me a day or two to recreate the scenario in a test environment before I forward it to developers. I'll report back here as tests etc. progress.
 
@fabrizioi Thanks again for reporting, I have tested the scenario against Centos 7.x, Alma 8.x, Alma 9.x and Debian 11.x and found that only on Alma 8.x the issue occurs. It has been forwarded to developers as PPS-14387.
 
Developers responded that it is a known issue and caused by a new feature that was introduced in CentOS 8/Alma 8 and CloudLinux, but that it is only cosmetic with no real impact. The issue is caused by the fact that the SSSD is used on CentOS 8 by default. On most, Linux distros system calls show the first user from the list, but in Centos8 this OS behavior was changed since the SSSD returns the last matched entry in /etc/passwd.

The impact is only visual, however, the following workaround may be implemented to fix this:

1) Swap the 'sss' and 'files' for the passwd map in /etc/nsswitch.conf file.
The result should look like this:
passwd: files sss systemd

2) The same manipulation should be applied to /etc/authselect/user-nsswitch.conf file

To ensure that the system user johndoe is located above all additional users run the following command:
# grep '10000' /etc/passwd
(with '10000' = system user ID of the user in question)
should output something like
johndoe:x:10000:1004::/var/www/vhosts/example.com:/bin/bash
ftp_user:x:10000:1004::/var/www/vhosts/example.com/httpdocs/:/bin/false
ftp_user_1:x:10000:1004::/var/www/vhosts/example.com/httpdocs/:/bin/false
 
Hi Peter,

I'm wait for Saturday in order to try the fix .
Seem to be simple .

I'll update the ticket when done .

Thanks for the fast support .

Regards

Fabrizio Iacopini
 
Developers responded that it is a known issue and caused by a new feature that was introduced in CentOS 8/Alma 8 and CloudLinux, but that it is only cosmetic with no real impact. The issue is caused by the fact that the SSSD is used on CentOS 8 by default. On most, Linux distros system calls show the first user from the list, but in Centos8 this OS behavior was changed since the SSSD returns the last matched entry in /etc/passwd.

The impact is only visual, however, the following workaround may be implemented to fix this:

1) Swap the 'sss' and 'files' for the passwd map in /etc/nsswitch.conf file.
The result should look like this:
passwd: files sss systemd

2) The same manipulation should be applied to /etc/authselect/user-nsswitch.conf file

To ensure that the system user johndoe is located above all additional users run the following command:
# grep '10000' /etc/passwd
(with '10000' = system user ID of the user in question)
should output something like
johndoe:x:10000:1004::/var/www/vhosts/example.com:/bin/bash
ftp_user:x:10000:1004::/var/www/vhosts/example.com/httpdocs/:/bin/false
ftp_user_1:x:10000:1004::/var/www/vhosts/example.com/httpdocs/:/bin/false
Hello Peter

The impact is much more than just visual: this change of owner has an impact on the path of ssh keys and .ssh/known_hosts files.
 
Back
Top