
[SOLVED] Centos 7 / Plesk 12 Chroot Not Working. | Users breaking out of chroot directory.

J.Wick

Regular Pleskian
Hi, I just migrated servers and now when logging in with chroot users, they can navigate all over the file system. I'm using Centos 7 w/ Plesk 12.0.18.

Any help in resetting permissions with chroot would be appreciated!
 
Hi SpyderZ,

did you use "/usr/local/psa/bin/repair --restore-vhosts-permissions" already?

For further CLI commands, regarding "chroot" management, please have a look at:


... and use for example the search word "chroot".



Yes, I ran that command. When I disable all access through the Plesk Web Hosting Access, I'm still able to log in to the server. I did a bootstrap repair as well.

Had these errors at the end of the process on Centos 7

which: no unrar in (/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin)

Trying to install sftp-server binary into chroot environment... cp: cannot stat 'internal-sftp': No such file or directory

done

/var/www/vhosts/chrootinternal-sftp: inode/directory; charset=binary
probably it will not work in chrooted accounts

WARNING!

Some problems are found during register /var/www/vhosts/chrootinternal-sftp in chrooted environment(see log file: /var/log/plesk/install/plesk-whc-installation.log)

Continue...

cp: cannot stat '/lib/ld-linux*': No such file or directory
cp: cannot stat '/lib/libnss_*.so.2': No such file or directory
'/lib64/libnss_myhostname.so.2' -> '/var/www/vhosts/chroot/lib64/libnss_myhostname.so.2'
'/var/www/vhosts/chroot/etc/resolv.conf' => '/etc/resolv.conf'

done

Checking that /usr/local/psa/bin/chrootsh registered as login shell...

/usr/local/psa/bin/chrootsh already registered as a login shell
 

OK, I've managed to get it down to one error, while running bootstrap repair.


Trying to install sftp-server binary into chroot environment... Warning: sftp-server binary not found

+ sftp connections will not be available for chrooted accounts


In my sshd_config

Subsystem sftp /usr/libexec/openssh/sftp-server

I verified the directory and file location on CentOS 7. I don't know why bootstrap is complaining about this. It also explains why I can't log in with chroot, but can with bash.
 
SOLVED

The bootstraprepair.sh file is programmed to filter out spaces in the sshd_config file, not tabs, which is what stock Centos 7 comes with.

In my sshd_config

Subsystem sftp /usr/libexec/openssh/sftp-server

I changed them to spaces and bootstraprepair worked properly and installed the sftp-server properly into the chroot.

Subsystem sftp /usr/libexec/openssh/sftp-server

I also ran reconfigure domains,
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

Reset permissions,
/usr/local/psa/bin/repair --restore-vhosts-permissions

Stopped and restarted sshd and Plesk, and everything is now connecting and functioning as designed.

This is a bug in the bootstraprepair script, where extra code should be added to compensate in case of tabs vs. spaces for the sftp-server subsystem line.
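
The tabs-versus-spaces failure described in the post above, as an added example that is not part of the original thread and is not Plesk's own script code. The function names, the space-only pattern (a constructed stand-in for the behaviour the post reports) and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed for illustration, not taken from Plesk's script.

# Space-only match: finds nothing when the fields are separated by tabs.
sftp_path_spaces_only() {
    sed -n 's/^Subsystem  *sftp  *\([^ ]*\).*$/\1/p' "$1" | head -n 1
}

# Whitespace-tolerant match: awk splits fields on any run of spaces or tabs.
# sshd_config keywords are case-insensitive; commented lines never match.
sftp_path_any_ws() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1"
}

# Report what a chroot setup step would have to do with the configured value.
classify_sftp_subsystem() {
    path=$(sftp_path_any_ws "$1")
    case "$path" in
        "")            echo "missing" ;;
        internal-sftp) echo "internal" ;;  # built into sshd, no binary to copy
        /*)
            if [ -x "$path" ]; then
                echo "binary:$path"
            else
                echo "not-found:$path"
            fi
            ;;
        *)             echo "invalid:$path" ;;
    esac
}

# Constructed sample: a tab-separated Subsystem line like the one in the post.
sample=$(mktemp)
printf '#Subsystem sftp internal-sftp\n' > "$sample"
printf 'Subsystem\tsftp\t/usr/libexec/openssh/sftp-server\n' >> "$sample"
echo "spaces-only match:   '$(sftp_path_spaces_only "$sample")'"
echo "any-whitespace match: '$(sftp_path_any_ws "$sample")'"
echo "classification:       $(classify_sftp_subsystem "$sample")"
rm -f "$sample"
```

Pointing `classify_sftp_subsystem` at the live `/etc/ssh/sshd_config` after a repair run is a quick check that the configured sftp-server binary was actually resolvable before testing a chrooted login.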
 