SFTP is not available for additional FTP users

Follow

Comments

4 comments

  • Avatar
    Permanently Deleted User

    This method seems to work with Plesk 12.x on CentOS 6.5, but not anymore with Onyx on CentOS 7. The user can still logon but is not chrooted, it has acces to the whole vhost!

  • Avatar
    Artyom Baranov

    Hello Tim,

    Changing the shell for an additional user to `/usr/libexec/openssh/sftp-server` only grants him the permission to connect over SFTP.

    That does not enable chrooted access and is not officially recommended.

  • Avatar
    Maik Vattersen

    Enable SFTP Login like below, let customers Browse the Filesystem.

    They are able to see other Domain and Systemfolders, but are unable to get into these Directories. BUT they can download Configs from /etc and other Paths!

    I didn't find a quick solution, to enable SFTP for Customers with chroot Environment. 

  • Avatar
    Taras Ermoshin

    Hi @Maik Vattersen !

    In Plesk, chrooted SFTP access is possible only for the subscription's system user.

    Additional FTP users of the subscription have the same UID as the system user, and because of that, the chrooted shell cannot be used for them, but only non-chrooted SFTP as described in this article.

    If you think SSH access for the additional FTP users is to be implemented in Plesk, feel free to create a feature request (or vote for an existing one) on the UserVoice portal. If a request gets many votes, it will be considered for implementing.

    As for not accessing files of other subscriptions and accessing configuration files in /etc and other locations, this behavior is expected - subscription directories have permissions 710 (drwx--x---), and the majority of the /etc subdirectories have the read permission for other users.

Please sign in to leave a comment.

Have more questions? Submit a request