
Question: Should Web Files be assigned the 'Root' User or should the Domain's Subscriber be assigned the role?

Craig1986

Basic Pleskian
I run a VPS that hosts a variety of Domains, owned by different people. Though they have their own Plesk and FTP Login credentials, I am the one who takes responsibility for the web files. Backups, SFTP Uploads etc.

In the interest of ease, I have been accessing Plesk via my Root credentials as well as using my Root credentials to upload content to the VPS via SFTP.

As such, all of the Web Files have been assigned the 'Root' User when viewing the files within Plesk's File Manager. I have not experienced any major issues with this, to date, but I am wondering if this is the standard way of dealing with Web Files.

Upon thinking about the topic, my inclination is that Web Files should be assigned the User of the individual Subscriber and not that of Root. Is my thinking correct or should I leave the User roles as 'Root'?

I have had a look around but would appreciate further clarification on any issues that could arise (mainly security), in using Root over the individual Subscriber as the User Role for Web Files.
 
The apparent downside of the current situation is that your customers aren't able to use their FTP or their Plesk's File Manager to manage these files, apart from reading them.

The web server itself also isn't able to modify the files - which can be a plus as far as security is concerned, but it might also hinder certain functions of the web pages.

For the customers to have full access, the owner of the files should be their system user and the group should be psacln. I suppose that would be considered to be the norm on Plesk servers.

As for the security considerations, the web pages might actually be more secure as they are now (assuming the file permissions are correct)... but it's entirely up to you to judge which approach better suits your needs and those of your customers, as it largely depends on the web pages themselves.
 
Have I understood it right that when a Website is assigned the User Role of 'Root', the improved security comes from the fact that the Web Files are better protected in the event that a Subscriber's Account becomes compromised?
 
Yes, e.g. if the code of a web site were vulnerable in a way that would allow an attacker to modify an existing file and add some malicious code of his own to it, having files owned by user/group root makes such an attack impossible. On the other hand, a possible SQL injection would not be prevented...

Basically, what I'm saying is that instead of having all customer files set to <customer user>:<group psacln> and permission 644, subtle changes to permissions and even ownership can prevent certain common attacks.
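
An added example, not part of the thread and not Plesk's own tooling: a POSIX shell function that audits a document root against whichever ownership model from the answers above is chosen (the customer's system user with group psacln, or root). It assumes a `stat` that supports `-c` (GNU coreutils or BusyBox); the path in the usage comment is a placeholder, and treating group- or world-writable entries as findings is an assumption based on the 644 mode mentioned above.

```sh
# audit_docroot <docroot> <expected_user> [expected_group]
# Prints one tab-separated finding per line:
#   OWNER     <actual user:group>  <path>   owner differs from the expected one
#   WRITABLE  <octal mode>         <path>   group or others may write
# Returns 0 if clean, 1 if there are findings, 2 on a bad argument.
# Limitation: paths containing a tab or newline are not handled.
audit_docroot() {
    docroot=$1
    want="$2:${3:-psacln}"      # group defaults to psacln, as in the thread
    tab=$(printf '\t')

    # Without this check a missing directory would produce no output
    # and be reported as clean.
    if [ ! -d "$docroot" ]; then
        echo "audit_docroot: not a directory: $docroot" >&2
        return 2
    fi

    # Only regular files and directories: symlinks always show mode 777.
    find "$docroot" \( -type f -o -type d \) \
        -exec stat -c "%U:%G${tab}%a${tab}%n" {} + |
    awk -F "$tab" -v want="$want" '
        $1 != want {
            printf "OWNER\t%s\t%s\n", $1, $3
            bad++
        }
        {
            # The last two octal digits are the group and other bits;
            # 2, 3, 6 and 7 all include write permission.
            g = substr($2, length($2) - 1, 1)
            o = substr($2, length($2), 1)
            if (g ~ /[2367]/ || o ~ /[2367]/) {
                printf "WRITABLE\t%s\t%s\n", $2, $3
                bad++
            }
        }
        END { exit (bad > 0) }'
}

# Usage (placeholder path and user name):
#   audit_docroot /path/to/docroot customeruser psacln
#   audit_docroot /path/to/docroot root root
```
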
 