• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

chroot sftp for subdomain ftp user?

T

thosmos

New Pleskian
I would like to grant a subdomain ftp user the right to use a chrooted sftp rather than plain ftp to log into his site. However, the only way to do this appears to be to change his shell to a full bash shell, rather than using the psa chroot shell as can happen with regular domain users. Why does this not work for subdomain users?

[root@mydomain ~]# cat /etc/passwd
subuser:x:10030:10001::/var/www/vhosts/mydomain.com/subdomains/test:/usr/local/psa/bin/chrootsh

Even when I try to "su - subuser" from root, I get this error, which I assume is a symptom of the problem:

[root@mydomain ~]# su - subuser
mkdtemp() failed
system error: No such file or directory

Any ideas how to make this work?

T
 
I figured it out, and it's fairly obvious. The subdomain folder does not have all of the necessary files and folders to support the chroot shell. You can add all of that by hand, or write a script to generate it.

T
 
These are the steps to create a subdomain account with chroot shell (considering you have root shell access):

Let's assume your subdomain is "mysub.yourdomain.com"

1.- Enable shell access in plesk for the domain the subdomain belongs, you can follow this tutorial:
http://kb.mediatemple.net/questions/914/Enable+SSH+Terminal+for+FTP+user+within+Plesk

2.- Create user "john":
-bash-3.1# useradd -d /var/www/vhosts/yourdomain.com/subdomains/mysub/ -g psacln -s /usr/local/psa/bin/chrootsh john

3.- Set password:
-bash-3.1# passwd john

4.- Copy the directories the chroot shell needs to work. These directories were created by plesk at domain level when you did step 1.

The directories you need to copy:
var, usr, tmp, lib, etc, dev, bin

Example:
-bash-3.1# cp -R /var/www/vhosts/yourdomain.com/var /var/www/vhosts/yourdomain.com/subdomains/mysub/

5.- Once you hace copied all the directories, open the file:
/var/www/vhosts/yourdomain.com/subdomains/mysub/etc/passwd

and change the user data with jonh's data, after editing, it should look something like this:
john:x:10239:2524::/:/bin/bash

Note: you just need to change the username and the UID with the data from the user just created in step 2 (john).

THE UID is the first number from left to right. Leave the GID intact! (the second number from left to right).

You can get the user ID with this command:
-bash-3.1# id john

That's all you need to do. Now you can access via sftp using a ftp client like filezilla and upload your data securely. Or you can access via ssh, using putty, or any other software.
 
You must log in or register to reply here.

Similar threads

H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
567
Raul A.
R
J
Issue Additional FTP accounts fatal error over SFTP: Received unexpected end-of-file from SFTP server
Replies
10
Views
8K
learning_curve
learning_curve
D
Resolved Restore /var/www/vhosts/chroot/ permissions
Replies
1
Views
5K
dalydesign
D
A
Issue chrooted SSH access does not work after migration
Replies
4
Views
4K
Paul_N
Paul_N
Christoph Farnleitner
File owner in subscription is unequal to sys user (actual file owner-name is set to a FTP-user name)
Replies
2
Views
2K
Christoph Farnleitner
Christoph Farnleitner
Back
Top