Chrooted directories are created in subscription directory on Plesk for Linux server even if SSH access for subscription is forbidden

Symptoms

• On a Linux-based server that runs Plesk Obsidian, Chrooted directories exist in the subscription's directory: 

  # ls -la /var/www/vhosts/example.com/
  drwx--x--- 13 user psaserv 4096 Apr 24 10:02 .
  drwxr-xr-x 546 root root 20480 Apr 24 10:00 ..
  drwxr-xr-x 2 root root 4096 Apr 24 10:02 bin
  drwxr-xr-x 2 root root 4096 Apr 24 10:02 dev
  drwxr-xr-x 2 user psacln 4096 Apr 24 10:00 error_docs
  drwxr-xr-x 2 root root 4096 Apr 24 10:02 etc
  drwxr-x--- 5 user psaserv 4096 Apr 24 10:00 httpdocs
  drwxr-xr-x 3 root root 4096 Apr 24 10:02 lib
  drwxr-xr-x 2 root root 4096 Apr 24 10:02 lib64
  drwx------ 2 user root 4096 Apr 24 10:00 logs
  drwxrwxrwt 2 root root 4096 Apr 24 10:02 tmp
  drwxr-xr-x 3 root root 4096 Apr 24 10:02 usr
  drwxr-xr-x 3 root root 4096 Apr 24 10:02 var

• In Plesk > Domains > example.com > Hosting & DNS > Hosting the SSH access type is set to Forbidden:
  

• In Plesk > Tools & Settings > Scheduled Tasks > Settings, the Crontab shell option is set to /bin/bash (chrooted):
  

• In the Plesk configuration database (psa ), in the table misc, the parameter crontab_secure_shell_compatibility_mode is not enabled:

  # plesk db
  MariaDB [psa]> select param, val from misc where param = 'crontab_secure_shell_compatibility_mode';
  Empty set (0.00 sec)

Cause

These folders are created upon multiple conditions:

• Chrooted shell is enabled for the domain (in this case, the folders are removed, if it is disabled)

• Command which uses OS binaries (like wget, curl, echo, cat, etc..) is used in the Scheduled Tasks (in this case, the folders are created and will remain as is)

Resolution

1. Log into Plesk

2. Go to Tools & Settings > Scheduled Tasks (Cron jobs) > Settings.

3. Set the option Crontab shell as /bin/sh and click OK or Apply to save the changes.

Click on a section to expand