• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved FTP users have access to root directory on server

Raymond_Davelaar

Basic Pleskian
OS ‪Ubuntu 14.04.5 LTS‬
Plesk Onyx Versie 17.0.17 Update #4, laatste update op 2016-10-25 13:23

FTP users have access to root directory on server. How to resolve
 
@Raymond_Davelaar, are you sure you're not mistaking server root for root of a chrooted shell? You may check /etc/passwd. How many entries (lines) does it have (please don't paste it here in full)?
 
which ftp server? proftpd? maybe you use sftp? are the users in /etc/passwd set to /bin/false?

/etc/proftpd/proftpd.conf
DocumentRoot set?
 
the users who are able to see root are granted bin/sh access under FTP settings. They cannot modify files but can read it and download it. Is there a saver way to grant them ssh access?
 
@Raymond_Davelaar, this dirs were added to your webspace after "Web Hosting Access" -> "Access to the server over SSH" was selected as "/bin/bash (chrooted)". They are hardlinks from /var/www/vhosts/chroot/ and no copies or links from your filesystem root (/). You could select another access type at Web Hosting Access to remove this dirs.
 
Back
Top