Shell access is somehow granted to 2 plesk users

[Frater]

I just added a Linux user and checked the contents of /etc/passwd by issuing
It's to find out which users have shell access.

grep  ':/bin/.*sh$' /etc/passwd

It showed me 2 user accounts that had shell access.
These 2 users (like many others) have been migrated several times and are Plesk accounts for about 5 years.
Currently they are running on a Plesk 11.5.3 server.
These are the administrators of merely a site and these accounts are normally not used.

One account has the opening shell "/usr/local/psa/bin/chrootsh" and the other one has "/bin/sh""
I can of course change both to "/bin/false", but I would like to know how it ever got this way.
I have checked both accounts using the PSA and I can't find any additional SSH access there.

Anyone knows which settings I should check?

 

[InderS]

Hello,

Check ssh setting through plesk panel

1. Login to Parallels Plesk Panel
2. Click on the Domains icon or link
3. Select the domain you want to forward from the list
4. Click on the Website Settings
5. Check which SSH shell is enabled for you account

 

[Lloyd_mcse]

Yeah, I had this in December. Out of 2 domains migrated one had



One of these enabled, I only noticed when I sftp'd to the server.
The other one was fine.

Change in..

Plesk -> Subscriptions -> domain.tld -> Customize -> Permissions.

My Migration was from...

Ubuntu 10.04.4 LTS - Plesk 11.5.30
To
Ubuntu 12.04.3 TLS - Plesk 11.5.30

Unsure what MU's they were on but it would have been whatever the latest update was in mid December.