
Resolved FTP: avoid vhosts list

visualcons

Hello,
inside the vhosts folder (root:root) there is a list of all the domains, and each has its permissions (e.g. ftp_user:psaserv).

FTP users are entered with "bin/bash", and therefore can connect via SFTP, with Filezilla for example, directly entering their directory /var/www/vhosts/domain.ext

The problem is that they can also go back and see all the other vhosts folders (even if they can't enter).

How can I get them stuck in their directory?
 
I've tried these solutions, but nothing.
I think the problem is in the first step.
Command echo -n 'SFTP restrictions '; [[ -e /httpdocs ]] && echo 'active' || echo 'inactive'
returns:
SFTP restrictions inactive

It should be SFTP restrictions active

I'm on Ubuntu 18.04, default installation with Plesk.

Command grep sftp /etc/ssh/sshd_config | grep -v '^#'
now returns:
Subsystem sftp /usr/lib/openssh/sftp-server
 
Did you reload sshd?
And did you make sure the following is set:
  • /bin/bash (chrooted) is selected as a shell in the Domains > example.com > Access to the server over SSH
 
Yes, I've reloaded sshd (service sshd reload).

If I select /bin/bash (chrooted) instead of /bin/bash, the user's default folder becomes the server root (/) and so he can go anywhere
 
Well, that's exactly the idea behind chroot. You want to keep the user inside of his homedir (/var/www/vhosts/example.com).
Why should your user have access to anything outside of his homedir?
 
Exactly, I don't want this behavior.
But if I set /bin/bash (chrooted) automatically the user's ftp_customer : psaserv folder becomes "/" and so he can view bin, boot, dev, etc, ...

If I leave bin/bash, the folder is correct but he can go up and see the contents of vhosts (only see, not go into other domains folders).

Users have obviously been created in Plesk along with the creation of the subscription.
 
I still don't fully understand what you want to achieve.
If you use /bin/bash (chrooted) then you will see the folders of the chroot environment such as bin, dev, etc, usr, var etc.
But those are not the system folders /bin, /etc and such. The chroot folders only contain the files that are necessary to operate the chroot shell but the customer will be restricted to his homedir and won't be able to see and access anything outside of it.
So this is the correct behaviour. You should never give your users a non-chrooted shell.
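
An added example, not part of the original thread and not Plesk's own tooling: a POSIX shell audit that reads a passwd(5)-format file and lists accounts whose home is under /var/www/vhosts but whose login shell is not chrooted. The chrooted shell path /usr/local/psa/bin/chrootsh is an assumption about the Plesk install, and the sample passwd entries are constructed.

```shell
#!/bin/sh
# Added example: flag vhost system users that still have a non-chrooted shell.
# Input format is passwd(5): name:pw:uid:gid:gecos:home:shell

VHOSTS_ROOT="/var/www/vhosts"               # path used in the thread
CHROOT_SHELL="/usr/local/psa/bin/chrootsh"  # assumption: Plesk's chrooted shell

# Prints "user home shell" for every account whose home lies below
# $VHOSTS_ROOT and whose shell is interactive but not $CHROOT_SHELL.
find_unchrooted_vhost_users() {
    while IFS=: read -r name _pw _uid _gid _gecos home shell || [ -n "$name" ]; do
        # Skip blank lines and comments.
        case "$name" in ''|'#'*) continue ;; esac
        # Only look at accounts that live under the vhosts root.
        case "$home" in "$VHOSTS_ROOT"/?*) ;; *) continue ;; esac
        case "$shell" in
            # Chrooted shell, or no shell login at all: nothing to report.
            "$CHROOT_SHELL"|*/nologin|*/false) continue ;;
            # An empty shell field means the system default, /bin/sh.
            '') shell="/bin/sh(default)" ;;
        esac
        printf '%s %s %s\n' "$name" "$home" "$shell"
    done < "$1"
}

# Constructed sample data (not taken from a real server).
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp_user:x:10001:1003::/var/www/vhosts/domain.ext:/bin/bash
ftp_customer:x:10002:1003::/var/www/vhosts/example.com:/usr/local/psa/bin/chrootsh
ftp_only:x:10003:1003::/var/www/vhosts/example.org:/bin/false
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"
find_unchrooted_vhost_users "$sample"
rm -f "$sample"
```

On a real server the function would be pointed at /etc/passwd; any line it prints is an account that can still browse outside its own vhost directory over SSH/SFTP.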
 
Ok, it works, I kept restarting ssh instead of sshd. Thank you!

Can access be further restricted to httpdocs to prevent the customer from deleting them?
 
One last thing: Using the immutable bit on httpdocs might cause some issues with Plesk, I don't know. I don't use that method so I can't tell you what the impact is.

So don't blame me in case something else breaks ;)
 