Duke
28.10.08, 15:19
Yes... it is nicer to do everything by hand. But I still try to work with what is available as far as possible, and I have Plesk on one server.
However, I now absolutely need sub-accounts for an FTP account, which unfortunately is not possible out of the box.
I found the following while googling and tried it out:
Assuming you already have an existing domain setup (example.com) with the primary FTP user (john) and password (doe) with home directory (/var/www/vhosts/domain.com), and you wish to create additional FTP users (jack and jill) with the same access privileges as john:
# Login to the server as root
ssh root@domain.com
# Execute the following shell command for the user’s account you wish to mimic
cat /etc/passwd | grep 'john'
This will show you a line similar to the following:
john:x:10041:2523::/var/www/vhosts/example.com:/usr/local/psa/bin/chrootsh
The first number (after the second colon) is 10041, so this is the UID of user “john”. You will need this in the useradd lines since useradd wants a number for the UID.
# Create the additional FTP user with a “jailed” home directory in /httpdocs directory
useradd -u 10041 -o -d /var/www/vhosts/example.com -g psacln -s /usr/local/psa/bin/chrootsh jack
# Create the additional FTP user with a “jailed” home directory in /web_users directory
useradd -u 10041 -o -d /var/www/vhosts/example.com -g psaserv -s /usr/local/psa/bin/chrootsh jack
# Give the user a password
passwd jack
Even without stopping/restarting the FTPd daemon, you should now be able to log in with the new FTP user (jack) and access the same directories and with the same permissions as the primary domain user (john).
All new FTP accounts created using this method should have the same “shared” access to files since they all belong to the same group — no matter which of the users created or edited the file(s), all should be able to access/edit/whatever the same files.
As an additional benefit, the new user account is “jailed” to his/her home directory and cannot view the contents of other directories outside their home directory.
The only caveat to this approach is that these users are defined at the Operating System level, so their accounts or passwords cannot be changed through Plesk — but it’s a trade-off most people will gladly accept for the improved functionality.
What struck me as particularly odd is the jailed home directory, because I could not really find any hint in the useradd command that the user is forbidden from going above that directory.
I simply tried it anyway, but pointed the shell at /bin/false, and it actually worked: logged in via FTP, the user could not go any higher. However, I am still a bit unsure whether this can somehow be circumvented after all, that is, whether my settings are sufficient as they are.
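An added example, not part of the original post or the quoted guide: useradd sets up no jail by itself; what the commands above leave behind in /etc/passwd is one UID shared by several names (the effect of -o) and a login shell per name. This sketch lists every account on a shared UID and marks whether its shell is /bin/false or nologin; the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts that share a UID
# (as created by `useradd -u <uid> -o`) and report each account's shell.

# Constructed sample data modelled on the passwd line shown in the post.
# jack and jill stand for sub-accounts; "other" is an unrelated user.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
john:x:10041:2523::/var/www/vhosts/example.com:/usr/local/psa/bin/chrootsh
jack:x:10041:2523::/var/www/vhosts/example.com:/bin/false
jill:x:10041:2523::/var/www/vhosts/example.com:/bin/bash
other:x:10042:2523::/var/www/vhosts/example.org:/bin/false
EOF
}

# shared_uid_report FILE
# Prints "uid name home shell verdict" for every account whose UID is used
# by more than one name. verdict is "nologin" for /bin/false and */nologin,
# and "shell" for anything else (the account can start that program on login).
shared_uid_report() {
    # The file is read twice: pass 1 counts names per UID, pass 2 prints.
    awk -F: '
        NR == FNR { if (NF >= 7) n[$3]++; next }
        NF >= 7 && n[$3] > 1 {
            v = ($7 == "/bin/false" || $7 ~ /\/nologin$/) ? "nologin" : "shell"
            print $3, $1, $6, $7, v
        }' "$1" "$1"
}

# shell_capable_shared FILE
# Number of shared-UID accounts whose shell is not a nologin shell.
shell_capable_shared() {
    shared_uid_report "$1" | awk '$5 == "shell"' | wc -l | tr -d ' '
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_passwd > "$tmp" && shared_uid_report "$tmp"
rm -f "$tmp"
```

Point `shared_uid_report` at `/etc/passwd` to audit a live system. Whether FTP sessions are confined to the home directory is decided by the FTP daemon's own configuration, which this check does not read.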