
I have a CentOS 7 server running the latest version of Plesk.

I want to create a user called all_sftp that has SFTP-only access to everything under /var/www/vhosts/.

I've made the user, chrooted so their home directory just has the vhosts folder in it, they're in a group called sftponly and that's all working fine.

I then use setfacl to give that user permission to vhosts:

setfacl -R  -m u:all_sftp:rwx /var/www/vhosts # set it on everything right now
setfacl -Rd -m u:all_sftp:rwx /var/www/vhosts # make it the default for newly added files/folders
setfacl -R -x u:all_sftp /var/www/vhosts/system # remove permissions for system folder
setfacl -Rd -x u:all_sftp /var/www/vhosts/system # remove default permissions for system folder

That works and gives the account access to everything in vhosts, however when I create a new website in Plesk the folder is created with 710 permissions and the all_sftp user is locked out.

How do I give the all_sftp user access to new websites automatically?

Thanks!

bbeckford
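
Why the 710 mode described in the question locks the ACL user out, as an added example that is not part of the original post: on a directory that carries an ACL, the group permission bits are the ACL mask, so mode 710 caps every named-user entry at `--x`. The function below reads `getfacl` output; its name, the `example.test` path and both abbreviated listings are constructed for illustration.

```shell
#!/bin/sh
# effective_acl USER: read `getfacl` output on stdin and print the rights USER
# really has: the named-user entry filtered through the mask entry.
# (Function name is hypothetical, not a Plesk or acl-package tool.)
effective_acl() {
    awk -F: -v user="$1" '
        /^#/ || NF < 3 { next }                  # header comments, blank lines
        $1 == "user" && $2 == user { entry = substr($3, 1, 3) }
        $1 == "mask"               { mask  = substr($3, 1, 3) }
        END {
            if (entry == "") { print "none"; exit }
            if (mask == "") mask = "rwx"         # no mask entry, nothing filtered
            out = ""
            for (i = 1; i <= 3; i++)
                out = out (substr(mask, i, 1) == "-" ? "-" : substr(entry, i, 1))
            print out
        }'
}

# Constructed listing: a new site directory that inherited the default ACL.
inherited='# file: var/www/vhosts/example.test
# owner: siteftp
# group: psacln
user::rwx
user:all_sftp:rwx
group::r-x
mask::rwx
other::---
default:user:all_sftp:rwx
default:mask::rwx'

# Constructed listing: the same directory at mode 710 (group bits --x = mask).
after_710='# file: var/www/vhosts/example.test
# owner: siteftp
# group: psacln
user::rwx
user:all_sftp:rwx	#effective:--x
group::r-x	#effective:--x
mask::--x
other::---
default:user:all_sftp:rwx
default:mask::rwx'

printf 'inherited: %s\n' "$(printf '%s\n' "$inherited" | effective_acl all_sftp)"
printf 'mode 710:  %s\n' "$(printf '%s\n' "$after_710" | effective_acl all_sftp)"
# On a live host: getfacl /var/www/vhosts/SITE | effective_acl all_sftp
```
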

1 Answer


You're going to have a hard time with this. Plesk sets each individual site with the ownership of siteftp.psacln or siteftp.psaserv. When these do not match it will cause issues with the expectations of Plesk and you may run into issues down the line with services restarting, like Apache or nginx, or you may get away with that - but in future Plesk updates or upgrades run into issues when it checks your permissions before proceeding (or worse after it has borked everything up).

I would reconsider your use case here and work around it. In our case we work around as much as possible, or we have sys admins log in and then sudo to each user as needed.

CD Brian
  • I was afraid someone might say that! I have a team of developers who all need SFTP access, how would you go about this? I don't want to use the root account but also the thought of handing out FTP details for each site at a time is painful - we also want to use key-based login. – bbeckford Jul 17 '20 at 07:03