
Issue [PPM-2537] error to set chrooted ssh access

MicheleP

Basic Pleskian
Server operating system version
Centos 7
Plesk version and microupdate number
18.0.47
I'm trying to set /bin/bash (chrooted) access for a new domain
But I get:
Error: System user update is failed: chrootmng failed: Safe link creation from '/var/www/vhosts/chroot/etc/resolv.conf' to '/var/www/vhosts/domain/etc/resolv.conf' failed: Operation not permitted chrootmng[25539]: Failed to create chroot environment: Failed to create link '/var/www/vhosts/domain/etc/resolv.conf':Operation not permitted

where domain is for the real domain

Is there a solution?
Thanks
 
Try to repair vhosts permissions with

# plesk repair fs domain.com
# plesk repair web domain.com
 
I've used another server and it works, but if I connect via SSH I can see all files, also those of other subscriptions
Why? Is it normal?
What is the setting to limit the user to his website folder and files?
 
Solved, I was logging in as root.
However with the correct user I can connect in SFTP but not with SSH
Probably there is something I'm doing wrong?
 
ok solved on this server
but on the first I get the same error

Error: System user update is failed: chrootmng failed: Safe link creation from '/var/www/vhosts/chroot/etc/resolv.conf' to '/var/www/vhosts/domain/etc/resolv.conf' failed: Operation not permitted chrootmng[25539]: Failed to create chroot environment: Failed to create link '/var/www/vhosts/domain/etc/resolv.conf':Operation not permitted
 
A note, all this is to have a simple functional SFTP account, but why Plesk doesn't enable SFTP on the additional FTP users??
This way I'm also giving SSH access to the user, which I don't want, because the FTP user must not see what is in the folders one level up.
And so I need to create a domain for this (that however is not a good idea).
And if I need more SFTP users (and I need more SFTP users) I must create additional domains for every FTP user!
This is a nonsense if it works. When it doesn't work, as in this case, it is a delirium, as I must change server (!!) to have an SFTP account
 
but why Plesk doesn't enable SFTP on the additional FTP users??
FTP and SFTP are two different things. SFTP is actually not FTP, but SSH. On top of an SSH connection the FTP protocol is run. For most applications an FTP user does not need SSH access. An SFTP user would automatically gain SSH access to the server which may not be desirable in most cases. Maybe FTPS (FTP with SSL) can also fulfill your requirements?

I could imagine a radio selector or checkbox where - when someone creates a new FTP account - he can also opt to give the same user SSH access (hence SFTP access). If you think that this is something that makes Plesk a better product, maybe you can create a case here:
 
Hi, I need SFTP accounts because I've been asked for SFTP accounts
There are no personal preferences in this. I've been asked for this, I've seen that Plesk "can" do it, and so ok we can do it.
Didn't know all this ...
Those cannot be seen as personal requests but as basic features that use standards and protocols, in particular for security

And as for your suggestion, it would be a very simple and good solution.
But sadly, I think that this will not even be read
There is already a very similar request to what I "ask" (among many others) from 2013 (!!!) with 349 votes (how many more votes does Plesk want??)
Enable chrooted sftp for more than one user per account
 
  1. Download and unpack the script:
    # curl -LO https://plesk.zendesk.com/hc/article_attachments/360009752840/213912005_clone_shell.tar.gz
    # tar xf 213912005_clone_shell.tar.gz
  2. Run the script providing the names of additional users:
    # ./213912005_clone_shell.sh examplecom1 examplecom2
    Changing examplecom1 shell from /bin/false to /usr/local/psa/bin/chrootsh
    Adding examplecom1 to the chrooted passwd file
    Changing examplecom2 shell from /bin/false to /usr/local/psa/bin/chrootsh
    Adding examplecom2 to the chrooted passwd file


But be careful. It is really dirty and may lead you to the dark side.
Please apply at your own risk only!
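An added audit example, not part of the thread and not Plesk's own code: after shells have been changed as in the script output above, this lists which vhost accounts have the chrooted shell, no shell, or an unrestricted login shell. It assumes subscription users have home directories under /var/www/vhosts; the function names and the sample passwd lines are constructed for illustration.

```shell
#!/bin/sh
# Assumption: subscription system users live under this directory.
VHOSTS_ROOT="/var/www/vhosts"
# Chrooted shell path as shown in the script output in the thread.
CHROOT_SHELL="/usr/local/psa/bin/chrootsh"

# Constructed sample in passwd(5) format; not taken from a real server.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
examplecom:x:10001:1003::/var/www/vhosts/example.com:/usr/local/psa/bin/chrootsh
examplecom1:x:10002:1003::/var/www/vhosts/example.com/sub1:/bin/false
examplecom2:x:10003:1003::/var/www/vhosts/example.com/sub2:/usr/local/psa/bin/chrootsh
othercom:x:10004:1003::/var/www/vhosts/other.com:/bin/bash
legacy:x:10005:1003::/var/www/vhosts/legacy.com:'

# Reads passwd-format lines on stdin and prints "user class shell"
# for every account whose home is below VHOSTS_ROOT.
classify_vhost_shells() {
    awk -F: -v root="$VHOSTS_ROOT" -v chroot="$CHROOT_SHELL" '
        index($6, root "/") == 1 {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            if (shell == chroot) class = "chrooted"
            else if (shell ~ /\/(false|nologin)$/) class = "no-shell"
            else class = "UNRESTRICTED"
            print $1, class, shell
        }'
}

# Prints only the accounts that would get a shell outside the chroot.
unrestricted_users() {
    classify_vhost_shells | awk '$2 == "UNRESTRICTED" { print $1 }'
}

# Demo on the constructed sample; on a server use: getent passwd | classify_vhost_shells
printf '%s\n' "$SAMPLE_PASSWD" | classify_vhost_shells
```

Accounts reported as UNRESTRICTED are the ones that can browse outside their own subscription over SSH.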
 