chroot sftp for subdomain ftp user?

thosmos

New Pleskian
I would like to grant a subdomain ftp user the right to use a chrooted sftp rather than plain ftp to log into his site. However, the only way to do this appears to be to change his shell to a full bash shell, rather than using the psa chroot shell as can happen with regular domain users. Why does this not work for subdomain users?

[root@mydomain ~]# cat /etc/passwd
subuser:x:10030:10001::/var/www/vhosts/mydomain.com/subdomains/test:/usr/local/psa/bin/chrootsh

Even when I try to "su - subuser" from root, I get this error, which I assume is a symptom of the problem:

[root@mydomain ~]# su - subuser
mkdtemp() failed
system error: No such file or directory

Any ideas how to make this work?

T
 
I figured it out, and it's fairly obvious. The subdomain folder does not have all of the necessary files and folders to support the chroot shell. You can add all of that by hand, or write a script to generate it.

T
 
These are the steps to create a subdomain account with chroot shell (considering you have root shell access):

Let's assume your subdomain is "mysub.yourdomain.com"

1.- Enable shell access in Plesk for the domain the subdomain belongs to; you can follow this tutorial:
http://kb.mediatemple.net/questions/914/Enable+SSH+Terminal+for+FTP+user+within+Plesk

2.- Create user "john":
-bash-3.1# useradd -d /var/www/vhosts/yourdomain.com/subdomains/mysub/ -g psacln -s /usr/local/psa/bin/chrootsh john

3.- Set password:
-bash-3.1# passwd john

4.- Copy the directories the chroot shell needs to work. These directories were created by Plesk at domain level when you did step 1.

The directories you need to copy:
var, usr, tmp, lib, etc, dev, bin

Example:
-bash-3.1# cp -R /var/www/vhosts/yourdomain.com/var /var/www/vhosts/yourdomain.com/subdomains/mysub/

5.- Once you have copied all the directories, open the file:
/var/www/vhosts/yourdomain.com/subdomains/mysub/etc/passwd

and change the user data to john's data. After editing, it should look something like this:
john:x:10239:2524::/:/bin/bash

Note: you just need to change the username and the UID with the data from the user just created in step 2 (john).

The UID is the first number from left to right. Leave the GID intact! (the second number from left to right).

You can get the user ID with this command:
-bash-3.1# id john

That's all you need to do. Now you can access via SFTP using an FTP client like FileZilla and upload your data securely. Or you can access via SSH, using PuTTY, or any other software.
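A way to verify the result of steps 4 and 5 before handing out the account, as an added example that is not part of the original posts and is not Plesk tooling: it checks that the seven directories listed above exist under the subdomain root and that the chroot's own etc/passwd carries the user's UID. The function name check_chroot and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not Plesk's own code): verify a subdomain chroot skeleton.
# Usage (script name is hypothetical):
#   sh check_chroot.sh /var/www/vhosts/yourdomain.com/subdomains/mysub john "$(id -u john)"

# Directories the post lists as required by the chroot shell (step 4).
CHROOT_DIRS="var usr tmp lib etc dev bin"

# check_chroot ROOT USER UID
# Prints one line per problem found; returns 0 if none, 1 otherwise.
check_chroot() {
    root=$1
    user=$2
    uid=$3
    rc=0
    for d in $CHROOT_DIRS; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $root/$d"
            rc=1
        fi
    done
    pw="$root/etc/passwd"
    if [ ! -f "$pw" ]; then
        echo "missing file: $pw"
        return 1
    fi
    # Field 1 is the user name, field 3 the UID edited in step 5.
    found=$(awk -F: -v u="$user" '$1 == u { print $3; exit }' "$pw")
    if [ -z "$found" ]; then
        echo "no entry for $user in $pw"
        rc=1
    elif [ "$found" != "$uid" ]; then
        echo "UID mismatch for $user: chroot passwd has $found, expected $uid"
        rc=1
    fi
    return $rc
}

# Run the check only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    check_chroot "$@"
fi
```

A UID mismatch here means the entry copied from the parent domain was not updated, so the account inside the chroot would resolve to the wrong user.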