in reply to Re: [OT] FTP user permissions
in thread [OT] FTP user permissions

Everyone should be using sftp

Unfortunately, Plesk only allows SFTP for the system user.

When an FTP account is created in Plesk, it doesn't seem to create an account in the normal way. It appears to be some kind of alias. When I use id username I do not get username:username but instead the sub account and a Plesk-defined group.

Instead, I have tried creating an SFTP account manually, which works and gives access to the entire server. When I restrict access using a Match command in /etc/ssh/sshd_config, it goes back to being read-only.

Re^3: [OT] FTP user permissions
by NERDVANA (Priest) on Dec 19, 2024 at 02:41 UTC
    The manual option requires fiddling with some permissions on a normal OpenSSH system. Here're the relevant bits for the servers I manage:

    /etc/ssh/sshd_config

    AllowGroups ... ssh-ftp-only ...
    ...
    Match Group ssh-ftp-only
      ChrootDirectory %h
      ForceCommand internal-sftp -d upload
      PermitTTY no

    Then add your user to that group, and set their shell to /usr/local/sbin/scponlyc if available.

    Then you need these permissions on their home directory:

    drwxr-x--- 5 root user 4096 Jun 12 2017 /home/user/
    drwx------ 2 root root 4096 Nov 7 2016 /home/user/.ssh
    drwxr-xr-x 2 user user 4096 Feb 27 2020 /home/user/upload

    This is because letting them modify their own .ssh directory or create a /lib directory within their chrooted home would also let them escape the chroot, so ssh checks for those cases before letting them write anything.

    When they connect, the current directory will be the chroot's /upload directory, and that will be the only directory they can write.
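
An added example, not part of the post above: sshd refuses a ChrootDirectory unless every component of the path is a root-owned directory that no group or other user can write, which is a common reason a manual setup stops working. This sketch checks that rule; the function names and the STOP parameter are made up for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example. ASSUMPTIONS: GNU stat (-c); function names are hypothetical.

# component_ok DIR UID: DIR is a directory owned by UID and is not writable
# by group or others (mode bits 022 clear). A symlink to a directory fails.
component_ok() {
    [ -d "$1" ] || return 1
    owner=$(stat -c '%u' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ "$owner" = "$2" ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# chroot_path_ok DIR [UID] [STOP]: apply component_ok to DIR and every parent
# up to STOP (default /). UID defaults to 0 (root). STOP exists only so the
# check can be exercised in a scratch tree without being root.
chroot_path_ok() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    uid=${2:-0}
    stop=${3:-/}
    while :; do
        if ! component_ok "$dir" "$uid"; then
            echo "unsafe chroot component: $dir" >&2
            return 1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then
            return 0
        fi
        dir=$(dirname "$dir")
    done
}

# Constructed demo: rebuild the layout from the post in a scratch directory,
# with the current user standing in for root.
demo() {
    tmp=$(cd "$(mktemp -d)" && pwd -P)
    mkdir -p "$tmp/home/user/.ssh" "$tmp/home/user/upload"
    chmod 755 "$tmp/home"
    chmod 750 "$tmp/home/user"
    me=$(id -u)
    chroot_path_ok "$tmp/home/user" "$me" "$tmp" && echo "layout from the post: ok"
    chmod 770 "$tmp/home/user"   # group-writable chroot directory
    chroot_path_ok "$tmp/home/user" "$me" "$tmp" || echo "group-writable chroot: rejected"
    rm -rf "$tmp"
}
demo
```

On a real server, run `chroot_path_ok /home/user` as root with no further arguments so the walk goes all the way up to `/`.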

Re^3: [OT] FTP user permissions
by afoken (Chancellor) on Dec 17, 2024 at 09:36 UTC

    Unfortunately, Plesk only allows SFTP for the system user.

    When an FTP account is created in Plesk, it doesn't seem to create an account in the normal way. It appears to be some kind of alias. When I use id username I do not get username:username but instead the sub account and a Plesk-defined group.

    What a mess. For me, that alone would be an argument not to use Plesk.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
      What a mess. For me, that alone would be an argument not to use Plesk

      For many years, I struggled with shared hosting. Much as I knew I really needed a better solution (read VPS) I was very concerned that having full access could easily mean I could break something! Also, if something is wrong, it's down to me to fix it...

      The move was forced on me when UK2 changed away from cPanel and broke every one of our sites because they stopped Perl working in the manner it previously was. So we decided to move, and over a weekend, I worked continuously to move all our essential production sites to a VPS. That VPS comes with Plesk. Although I could use a different management platform, it seems easier to use the one they provide.

      We don't currently have the luxury of a staging or test server so whatever I do has to be done without risking our production environment...

      There are two major issues that I haven't been able to sort out. FTP access and .htaccess files - as soon as I enable RewriteEngine On I get a 403 error, so we have lost all our SEO-friendly vanity URLs.

      If my Linux knowledge was good enough, or I thought I could get it good enough, I might drop Plesk and configure the server manually but that's not an option.