
Question Why is the user's chroot-home not owned by root?

peng

New Pleskian
Hello,

I'm setting up a vserver for learning purposes.
One topic I read about was creating chroot environments.

The tutorials always stated "everything inside the chroot directory is owned by root"
and "the chroot directory itself is owned by root too"

When I ssh to my server with PLESK, "ls -la" shows me the following output:

drwx--x--- 16 subXXXX psaserv 4096 Jan 21 13:09 .
drwx--x--- 16 subXXXX psaserv 4096 Jan 21 13:09 ..

But that seems to be a conflict with the statement above.

Can someone please explain to me the reason why those directories are not owned by root?

Thanks in advance.
 
The manuals you have cited may work for a default server, but they are not meant for Plesk. Plesk is already chrooting your environment when you select the SSH chrooted shell for the subscription. As this is done on a "per subscription user" basis, everything in the subscription space is owned by the subscription user except /bin, /dev, /etc, /lib, /lib64, /tmp, /usr and /var. If everything including the chrooted directory were owned by root, either the subscription user would need root privileges to do something inside his own shell space, or it would not make sense to chroot the directory in the first place. Plesk keeps subscriptions separate, and files and directories that one subscription user can access cannot be accessed by another subscription user. The files of each subscription are owned by the subscription user for that reason.

If you allowed a user to log in via SSH to his shell and edit these directories, the user could install additional libraries that might do things to the server you do not want to happen.
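
An added example, not part of the original thread and not Plesk's own tooling: a Python check that the system directories named in the answer above are owned by a trusted account and cannot be modified by the shell user. The function name `audit_chroot`, the `trusted_uid` parameter and the sticky-bit rule for world-writable directories are assumptions of this example.

```python
import os
import stat
import sys

# Directories the answer above lists as NOT owned by the subscription user.
SYSTEM_DIRS = ("bin", "dev", "etc", "lib", "lib64", "tmp", "usr", "var")


def audit_chroot(root, trusted_uid=0, system_dirs=SYSTEM_DIRS):
    """Return (path, problem) tuples for system dirs the shell user could modify."""
    findings = []
    for name in system_dirs:
        path = os.path.join(root, name)
        try:
            st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if st.st_uid != trusted_uid:
            findings.append(
                (path, f"owned by uid {st.st_uid}, expected {trusted_uid}"))
        if stat.S_ISLNK(st.st_mode):
            continue  # permission bits of a symlink are not meaningful on Linux
        writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        sticky = st.st_mode & stat.S_ISVTX
        # Assumption: group/other write access is tolerated only together
        # with the sticky bit, the conventional setup for a shared /tmp.
        if writable and not sticky:
            findings.append(
                (path, "group/other-writable without sticky bit "
                       f"({stat.filemode(st.st_mode)})"))
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_chroot.py /path/to/chroot   (path is a placeholder)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, problem in audit_chroot(target):
        print(f"{path}: {problem}")
```

An empty result means every listed directory exists, belongs to the trusted account and offers no unprotected write access to group or others.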
 