• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved New FTP user becomes visual owner of all files of the webspace on Alma 8.x

F

fabrizioi

Basic Pleskian
Username:

TITLE

New FTP user becomes visual owner of all files of the webspace

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian Version 18.0.51 Update #1
AlmaLinux 8.7 (Stone Smilodon) X64

PROBLEM DESCRIPTION

Dear Plesk Support Team,

As I have posted here:

Issue - Strange File Permission View Issue

Hi All, I'm on Plesk Obsidian 18.0.51 with AlmaLinux 8.7 . Everything works fine (this is my first machine with AlmaLinux instead of CentoOS) Consider this scenario: subscription mydomain.com user subscription mydomain.com If i create an additional FTP Account for example subftp-user to a...
talk.plesk.com talk.plesk.com
and as in this discussion

Issue - New FTP user becomes owner of all files of the webspace

Not sure if this is a bug or a feature, but it feels wrong. I am in the progress to migrate to a new server that runs Plesk Obsidian 18.0.47. I have a system user on a domain called user1. All files of the domain and subdomain are owned by this user. This is good. I now add a new FTP user...
talk.plesk.com talk.plesk.com

Preamble
I have a lot of Linux Centos with Plesk 18.x without any issues .


I have setup a new WebServer with Plesk and AlmaLinux.
(CentOS unfortunaly he has left us)

Everything work very well except subscriptions where I need to setup additional ftp user (needed to create some little service to specific protected folder)

For example:

subsriptions mydomain.com
subscription owner mydomain.com ( I always use the same for semplicity)

From shell
cd /var/www/vhosts/mydomain.com/httpdocs
ll
.
..
exampledir "owner mydomain.com:psacln"

Go to Plesk Panel, add new Ftp User "subaccount-user"

From Shell

cd /var/www/vhosts/mydomain.com/httpdocs
ll
.
..
exampledir "owner subaccount-user:psacln"

In reality this is not true, but AlmaLinux lie us and himself
For example subaccount-user cannot access the WebSpace if for example try to configure it in a FileZilla Ftp session.

Some user on Forum tell me this is related on the order of user in /etc/passwd

This is not possible.

For example try to configure on the fly a new FileZilla Ftp client session with user mydomain.com.
This user can obviously connect to the subscriptions, he is the owner.
FileZilla report in the remtot screen the correct owner on file and folders.

.
..
exampledir "owner mydomain.com:psacln"

As reported by other user, it seems this bug is specific to AlmaLinux 8.7.
This affect also browsing a folder from Plesk Panel: it report a wrong user owner .

STEPS TO REPRODUCE

  1. Setup a new Almalinux 8.7 WebServer
  2. Setup Plesk Obsidian Version 18.0.51 Update #1
  3. Create a subscription mydomain.com
  4. Add new Ftp User
  5. Check subscription owner from ssh shell

ACTUAL RESULT

Wrong display user owner

EXPECTED RESULT

Correct display user owner

ANY ADDITIONAL INFORMATION

(DID NOT ANSWER QUESTION)

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Hi @fabrizioi , thank you for reporting. Please give me a day or two to recreate the scenario in a test environment before I forward it to developers. I'll report back here as tests etc. progress.
 
@fabrizioi Thanks again for reporting, I have tested the scenario against Centos 7.x, Alma 8.x, Alma 9.x and Debian 11.x and found that only on Alma 8.x the issue occurs. It has been forwarded to developers as PPS-14387.
 
Developers responded that it is a known issue and caused by a new feature that was introduced in CentOS 8/Alma 8 and CloudLinux, but that it is only cosmetic with no real impact. The issue is caused by the fact that the SSSD is used on CentOS 8 by default. On most, Linux distros system calls show the first user from the list, but in Centos8 this OS behavior was changed since the SSSD returns the last matched entry in /etc/passwd.

The impact is only visual, however, the following workaround may be implemented to fix this:

1) Swap the 'sss' and 'files' for the passwd map in /etc/nsswitch.conf file.
The result should look like this:
passwd: files sss systemd

2) The same manipulation should be applied to /etc/authselect/user-nsswitch.conf file

To ensure that the system user johndoe is located above all additional users run the following command:
# grep '10000' /etc/passwd
(with '10000' = system user ID of the user in question)
should output something like
johndoe:x:10000:1004::/var/www/vhosts/example.com:/bin/bash
ftp_user:x:10000:1004::/var/www/vhosts/example.com/httpdocs/:/bin/false
ftp_user_1:x:10000:1004::/var/www/vhosts/example.com/httpdocs/:/bin/false
 
Hi Peter,

I'm wait for Saturday in order to try the fix .
Seem to be simple .

I'll update the ticket when done .

Thanks for the fast support .

Regards

Fabrizio Iacopini
 
Peter Debik said:
Developers responded that it is a known issue and caused by a new feature that was introduced in CentOS 8/Alma 8 and CloudLinux, but that it is only cosmetic with no real impact. The issue is caused by the fact that the SSSD is used on CentOS 8 by default. On most, Linux distros system calls show the first user from the list, but in Centos8 this OS behavior was changed since the SSSD returns the last matched entry in /etc/passwd.

The impact is only visual, however, the following workaround may be implemented to fix this:

1) Swap the 'sss' and 'files' for the passwd map in /etc/nsswitch.conf file.
The result should look like this:
passwd: files sss systemd

2) The same manipulation should be applied to /etc/authselect/user-nsswitch.conf file

To ensure that the system user johndoe is located above all additional users run the following command:
# grep '10000' /etc/passwd
(with '10000' = system user ID of the user in question)
should output something like
johndoe:x:10000:1004::/var/www/vhosts/example.com:/bin/bash
ftp_user:x:10000:1004::/var/www/vhosts/example.com/httpdocs/:/bin/false
ftp_user_1:x:10000:1004::/var/www/vhosts/example.com/httpdocs/:/bin/false
Click to expand...
Hello Peter

The impact is much more than just visual: this change of owner has an impact on the path of ssh keys and .ssh/known_hosts files.
 
You must log in or register to reply here.

Similar threads

F
Issue Strange File Permission View Issue
Replies
0
Views
415
fabrizioi
F
F
Issue New FTP user becomes owner of all files of the webspace
2
Replies
21
Views
3K
Felix
F
Christoph Farnleitner
File owner in subscription is unequal to sys user (actual file owner-name is set to a FTP-user name)
Replies
2
Views
1K
Christoph Farnleitner
Christoph Farnleitner
O
Issue root user lost access to all vhost folders and files
Replies
1
Views
1K
Organizer
O
M
Resolved FTP not writing any content to file, what can it be?
Replies
6
Views
7K
mb_martijn
M
Back
Top