• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Why is the user's chroot-home not owned by root?

P

peng

New Pleskian
Hello,

I'm setting up a vserver for learning purposes.
One topic I read about were creating chroot environments.

The tutorials always stated "everything inside the chroot directory is owned by root"
and "the chroot directory itself is owned by root too"

When I ssh to my server with PLESK "ls -la" shows me the following output

drwx--x--- 16 subXXXX psaserv 4096 Jan 21 13:09 .
drwx--x--- 16 subXXXX psaserv 4096 Jan 21 13:09 ..

But that seems to be a conflict with the statement above.

Can someone explain me please the reason why those directories are not owned by root?

Thanks in advance.
 
The manuals you have cited may work for a default server, but they are not meant for Plesk. Plesk is already chrooting your environment when you select SSH chrooted shell for the subscription. As this is done on a "per subscription user" basis, everything in the subscription space is owned by the subscription user but /bin, /dev, /etc, /lib, /lib64, /tmp, /usr and /var. If everything including the chrooted directory was owned by root, the subscription user either needed root privileges to do something inside his own shell space, or it does not make sense to chroot the directory in the first place. Plesk keeps subscriptions separate, and files and directories that one subscription user can access cannot be accessed by another subscription user. The files of each subscription are owned by the subscription user for that reason.

If you allowed a user to login via SSH to his shell and edit these directories, the user could install additional libraries that might do things to the server you do not want to happen.
 
You must log in or register to reply here.

Similar threads

H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
563
Raul A.
R
A
Question Some security questions
Replies
2
Views
1K
amba1980
A
S
Question grant ftp user access to all folders
Replies
1
Views
2K
mow
M
P
Forwarded to devs New FTP user overwrites system user
Replies
1
Views
1K
IgorG
IgorG
Talistech
Question Missing /bin/bash (chrooted)
Replies
1
Views
2K
HostaHost
H
Back
Top