• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Why is the user's chroot-home not owned by root?

peng

New Pleskian
Hello,

I'm setting up a vserver for learning purposes.
One topic I read about were creating chroot environments.

The tutorials always stated "everything inside the chroot directory is owned by root"
and "the chroot directory itself is owned by root too"

When I ssh to my server with PLESK "ls -la" shows me the following output

drwx--x--- 16 subXXXX psaserv 4096 Jan 21 13:09 .
drwx--x--- 16 subXXXX psaserv 4096 Jan 21 13:09 ..

But that seems to be a conflict with the statement above.

Can someone explain me please the reason why those directories are not owned by root?

Thanks in advance.
 
The manuals you have cited may work for a default server, but they are not meant for Plesk. Plesk is already chrooting your environment when you select SSH chrooted shell for the subscription. As this is done on a "per subscription user" basis, everything in the subscription space is owned by the subscription user but /bin, /dev, /etc, /lib, /lib64, /tmp, /usr and /var. If everything including the chrooted directory was owned by root, the subscription user either needed root privileges to do something inside his own shell space, or it does not make sense to chroot the directory in the first place. Plesk keeps subscriptions separate, and files and directories that one subscription user can access cannot be accessed by another subscription user. The files of each subscription are owned by the subscription user for that reason.

If you allowed a user to login via SSH to his shell and edit these directories, the user could install additional libraries that might do things to the server you do not want to happen.
 
Back
Top