1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

How To: Add Secure Shell Access for web_users

Discussion in 'Plesk for Linux - 8.x and Older' started by cgraham149, Jul 12, 2005.

  1. cgraham149

    cgraham149 Guest

    0
     
    Adding Secure Shell Access for web_users under 1 domain

    +++ I do not know if this is SECURE / SAFE - but it worked for my purposes +++

    Step 1:
    Login as: root (I use WinSCP).
    Navigate to: /usr/libexec/
    Download: /usr/libexec/openssh/ (whole directory - containing sftp-server & ssh-keysign)

    Step 2:
    Navigate to: /home/httpd/vhosts/chroot/usr/libexec
    Upload openssh dir (containing sftp-server & ssh-keysign) - make sure permission are set to 0755 on sftp-server and 0711 on ssh-keysign

    Step 3:

    Use Plesk to create new web_user: user1


    Step 4:

    Shell Login as: root (I use PuTTy)

    Issue the following comand (modify domain as needed):

    /usr/local/psa/admin/bin/chrootmng --create --source=/home/httpd/vhosts/chroot --target=/home/httpd/vhosts/domain.com/web_users/user1

    Step 5:

    Still using WinSCP as root...

    Navigate to: /etc
    Right click on passwd file and choose edit
    New web_user entry should be last on the list and looks like this:

    user1:x:10004:10001::/home/httpd/vhosts/domain.com/web_users/user1:/bin/false

    Change /bin/false to /usr/local/psa/bin/chrootsh so it looks like this:

    user1:x:10004:10001::/home/httpd/vhosts/domain.com/web_users/user1:/usr/local/psa/bin/chrootsh

    Save file

    Copy 1st part of above like this:

    user1:x:10004:10001::

    Step 6:

    Navigate to: /home/httpd/vhosts/domain.com/web_users/user1/etc
    Right click on passwd file and choose edit
    Paste user1:x:10004:10001:: and add this /:/bin/bash - it should look like this:

    user1:x:10004:10001::/:/bin/bash

    Save file

    Web_user now has secure shell access to his own directory. He can also SFTP or FTP to that directory but is locked down and can not move up into higher directories!!

    Step 4 will copy all files and folders in chroot to the web_user directory, including:

    bin, lib, tmp, var

    I think it is ok to remove those directories and probably should as they may pose a security risk.
     
  2. akucharski

    akucharski Guest

    0
     
    One moment - is there really no way under Plesk to create shell access for domain administrators or web users using the gui?
     
  3. cgraham149

    cgraham149 Guest

    0
     
    You can create shell access for a single Domain user but not for multiple web_users under the same domain.
     
Loading...