• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question SSH access with more restricted permissions

C

cool_sh

Basic Pleskian
Hi guys,

Regarding SSH access for customers you can choose between allowing only acces in/as "bin/bash (chrooted)" or the other types. As the chrooted can nearly do nothing except some very basic functionality like copy and move I would switch to 'usr/bin/bash'.

The problem is that with that option users can change directory to higher levels and so see vhosts and domains of other customers. They can not change into it, but see them already. Is there a way to restrict the permissions like configuring different ACLS for that ?

Another problem I see is, when not restricting to chrooted only, users can change between all other types and so can have the right to install or update centos libraries! Am I wrong with that?

I was wondering if anyone of you has a solution for me or a tip.

Regards
cool_sh
 
If you use an unrestricted shell then the user has access to all the commands on the system. If these commands can be run by a user then that user could do so. They may have difficulty changing root files, but with some work they could/probably compromise the system. It's not a good idea to give shell access to customers in a shared environment generally speaking.

In short using chroot to force the root directory structure to the users home dir is a screen door for security. A program can also break out of a chroot jail if it can gain root privilege and use chroot() to change its current working directory to the real root directory. For this reason, you should ensure that a chroot jail does not contain any setuid or setgid executables that are owned by root.

Commands will not run unless you have copied their binaries and any required shared libraries to the chroot jail.
 
Hi,

it's been a while..
I fully understand the security risks but the chrooted has nearly no possibility and so giving SSH to a user is like having FTP still.
E.g. the easiest tools and commands do not work like: date, vim, make, using php and so on.

Do you all have extended the chrooted with every single command you will allow your users?
 
Adding new command to chrooted in shared hosting can be risky.

Consider offering VPS Plans to customers require to run many command in shell.

I have a smililar issue with Magento 2. Required Shell access with lots of commands to run.
 
Hi all,

thanks for the answers but my questions was, are you really patching the chrooted with so many commands? No easier way?
Offering VPS is not really a solution, expecially when it comes to reseller-accounts. A reseller has a big VPS and so he has customers with sub-accounts and can not offer shared hosting with SSH. Instead the only way is to have lots of VPS for every single one :(

Regards
 
You must log in or register to reply here.

Similar threads

A
Resolved Unable to modify a subscription's SSH access
Replies
4
Views
1K
Kaspar
K
P
Resolved Event Manager - Plesk user logged in not firing
Replies
7
Views
789
pleskuser67553
P
F
Question What is the difference between options 'Access to the server over SSH' parameter in Plesk?
Replies
2
Views
877
FutureX
F
S
Resolved XML API Proxmox Acme Plugin Failure
Replies
1
Views
1K
seek1338
S
S
Resolved Access to the server over SSH: doesn't appear dropdown menu
Replies
15
Views
3K
Peter Debik
P
Back
Top