I have taken over management of a bunch of a dedicated servers and have a question.
What are the commands on Linux (RedHat, RHL) for giving a User access rights to a directory(ies) only.
So that this user can FTP and Telnet to the server but will be able to:
1- only upload files to these directory(ies)
2- only delete files/dirs from these directory(ies)
3- only execute programs residing in these directory(ies)
My reseller have got one plan, where option "Gestion de l'accès au serveur via SSH" (Manage SSH access to server) is on "Peut autoriser l'accès uniquement à un environnement chrooté" (Can autorize access only in chrooted environment).
This plan contains only one subscription in which I would like to permit users to use sftp. If I go in the subscription, and then I click on "Customize subscription", I can see option "Gestion de l'accès au serveur via SSH" (Manage SSH access to server) is on "Peut autoriser l'accès uniquement à un environnement chrooté" (Can autorize access only in chrooted environment)...
=> So same than in the plan.
After that, when I click on subscription => WebSites and Domain => One domain => FTP Access and I choose a ftp user, I don't have any option to allow ssh access to the user.
I'm using Plesk Panel 12 on Debian GNU/Linux 7.6 server. I created a ftp user in a subdomain (sub.domain.tld) of my domain (domain.tld).
In Tools and settings = Policy security, I allowed sftp and ftp connections. When I try to connect I get this message :
Code:
sftp my_user@domain.tld
Connection closed
In the password file I got :
Code:
my_user:x:10000:1003::/var/www/vhosts/domain.tld/sub.mydomain.tld/httpdocs:/bin/false
Is there any way to give a reseller or customer access to the php custom settings box labeled "Additional configuration directives" on the website & domains -> php settings button that an admin can see and alter? We have attempted to give resellers the "Common PHP settings management" and "Setup of potentially insecure web scripting options that override provider's policy" options, but it still does not show up to a reseller.
View 1 Replies View RelatedQuote:
A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.
The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution, short for Red Hat Enterprise Linux, doesn't properly implement that protection, Brad Spengler, who discovered the bug in mid October, told The Register.
Read the complete article at The Register. New kernels are available for Redhat and CentOS (obviously), and likely others who may be affected.
We have a developer doing some work for us and only want to allow them FTP access to the directory they are working on. How can this be accomplished? I am not sure how to limit ftp access to certain directories?
View 4 Replies View RelatedDo the hsting comapny provide a system for you website for users to login or register
or do i have to do it myself
today we notice that all subscriptions on Plesk when we access phpmyadmin has access to all databases,it was a Plesk update that can be done this ?
I don't remember to update anything during this days to this happen.
I want to create a special FTP account as such:
- The user would only be able to view and upload to one directory, such as mysite.com/images/
- The user would only be able to upload .jpg files, no code/php/html or anything, just jpg pictures.
- There would be a limit of upload. (ie. only 50 MB of upload per day)
- The user would only be able to delete the files that he uploaded. (or the user would only be able to view the files he uploaded)
if i can lock a file from being downloaded or viewed in ftp editor even if i give some one ftp access?
View 3 Replies View RelatedI have WHM and Cpanel on my dedicated server. Is there a way to give them access to change this? I dont want then to have access to everything either.
Edit your httpd.conf file.
Timeout 50
KeepAlive On
MaxKeepAliveRequests 120
KeepAliveTimeout 10
MinSpareServers 10
MaxSpareServers 20
StartServers 16
MaxClients 125
MaxRequestsPerChild 5000Â
I have an account on godaddy, with more than 20 domains registered and well, so far i have been in charge of the updates of these domains and the websites they represent. But now I have this customer who is asking me to have access to his specific domain so he can upload files by him self, the thing is that i dont have a clue of how to do it. I tried to create a new account in godaddy for this customer and tried to transfer this domain into his account and I was not allowed to. I cannot give him my username and psw cause he wont only have access to his website but all those i have registered under my account. I will really appreciate some advises to help me work this out.
View 4 Replies View RelatedToday in a plesk 12 with mail control (20 mails per hour per mailbox) a spammer stole a password of a mailbox and send nearly 1000 mails in two hours.
How can it is possible? Also in the stats I see 0 mails sent. In the logs (var/log/mail.log) I see the spam wast sent from a mailbox...
How can view all users have root access in system?
View 6 Replies View RelatedI have several users that can't access my sites, they are all from different areas of the world, most are on PC's with WinXP and one is on a MAC. I've had them do all the normal stuff..clean cookies, cache etc all with no luck.
I have a dual processor server running Red Hat 7.3 i686. I do have KISS firewall running.
If I stop the firewall, they can get in, but I can also bring it back up and then for several hours they can still connect, but at some point, they stop being able to.
I currently have no ip's blocked. See below:
BLOCK_LIST=" "
TCP_IN="20 21 25 53 80 110 143 443 995 2082:2083 2086:2087 2095:2096 3306 8443 10000 19638 22 26 37 43 873 993"
TCP_OUT="21 22 25 37 43 53 80 443 873 2089 55000"
UDP_IN="53"
UDP_OUT="53"
TCP_IN_TRUSTED="22"
TRUSTED_IPS="0.0.0.0/0"
SERVER_IPS="0.0.0.0/0"
Nothing that I know of changed, it just started about a week ago.
1 have to create a new user, for example "webmaster" with ftp access, plesk access and database access.
My problem is: after i make all, this user can see all database for this domain. Can i show him only 1 database (him database)? If yes, how i can do?
i have 3 sites/users that all need to be able to access each other with complete read/write/exec access
Site1 Site2 and Site3
what's the best way to do this without screwing up all the premissions and access to my currently active sites. I need advice from someone who is a pro at this and not just guessing at what premissions to set. I'm assume i need to create a MasterGrp and invite all 3 sites then set/change permissions on all three sites. Also all new files created would need to have the masterGrp set as the group automatically
INTRODUCTION
As owner of a hosting provider company, I face the problem of abusive users almost every day. More than 90% of all abuse on my server comes from free trial accounts. I offer free trial access to my servers for people who want to try things out before they purchase a hosting package, but off course this attracts spammers. To prevent trial users from using my server for spamming purposes, I modified my exim.pl file to prevent trial users from accessing the Exim mail server.
Please note that this tutorial has been written for cPanel servers. If you want to use it on a server with a different control panel, you'll need to modify the cpgetpack.c source. If you do so, please share your work with the community by posting it in a reply here.
STEP ONE
First you’ll need to download, compile and install my cpgetpack.c application. Here’s how:
Code:
gcc cpgetpack.c -o cpgetpack
mv cpgetpack /usr/bin/
chown cpanel:cpanel /usr/bin/cpgetpack
chmod +s /usr/bin/cpgetpack
STEP TWO
Now open the /etc/exim.pl file in your favorite text editor (make a backup first) and look for the following inside the checkuserpass subroutine:
Code:
$trueowner =~ s////g;
$trueowner =~ s/..//g;
if (isdemo(${trueowner})) {
return('no');
}
Below, paste the following code:
Code:
my $name = getpwuid($uid);
open(UP, "cpgetpack $name|");
my $userplan = <UP>;
close(UP);chop($userplan);
if ($userplan eq "radix_FreeTrial") {
return "no";
}
You will have to replace the radix_FreeTrial string with the package you assign to your trial users. This will prevent trial users from authenticating which prevents them from sending mail remotely.
STEP THREE
Users are now still able to send mail locally (for example using the PHP mail() function), so here’s what to do next.
Find the checkdemo subroutine in the exim.pl file and replace the complete subroutine with:
Code:
sub democheck {
my $uid = Exim::expand_string('$originator_uid');
if (isdemo($uid)) { return 'yes'; }
my $name = getpwuid($uid);
open(UP, "cpgetpack $name|");
my $userplan = <UP>;
close(UP);
chop($userplan);
if ($userplan eq "radix_FreeTrial") {
return 'yes';
}
return 'no';
}
STEP FOUR
Now just restart Exim:
Code:
service exim restart
It might be a good idea to create a trial account and see if it’s working. Enjoy!
REFERENCE:
Original post: [url]
Best regards,
Josh Burt
i have a Dedicated server and i installed firewall and i fixed all cpanel option and i disable shell access for all users and ......
but my users can upload shell hack files (Like:c99 ) then they can access to another website ,,,, they can`t Write ,,, they can Read files only
but there is a problem because the hacker will read the config files so my Database websites will hack soon
The upgrade has an error when manage the users database.
PRODUCT, VERSION, VERSION OF MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
OS Microsoft Windows Server 2008 R2 Service Pack 1 x64
Panel version 11.5.30 Update #13, last updated at Sept 1, 2013 03:30 PM
PROBLEM DESCRIPTION
In a costumer panel have a one database MSSQL, and assign to this DB 3 users, but the tab option "Users" don't work fot his costumer and show this error:
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (lÃÂnea 807)
ACTUAL RESULT
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (lÃÂnea 807)
EXPECTED RESULT
Show users in the tab users for database.
I am running lighttpd and eccelerator.
I have stripped the php-cgi.
I have tried forking anywhere from 50 to 300 to 1000 fastcgi children with PHP_FCGI_CHILDREN (through lighttpd, I'll attempt to do with same with spawn-fastcgi and fpm)
Server stats:
Intel Core i7 920
12GB DDR
250GB 7.2k RPM SATAII 16MB Cache
I am using to lighttpd's lighttpd-status to estimate concurrent connections.
When I refresh the panel, it shows that there are around 100-150 connections and around 150 requests/s in the last 5 seconds.
My vmstats show that CPU is 98% idle. Blocks written/read is neglible. MySql key_buffer set to 2gb and I'm pretty sure it's not mysql. The overwhelming majority of requests do not access mysql.
EDIT: Uh oh, I just realized that tcp_mem could be a huge bottle neck.
I just set it to:
net.ipv4.tcp_mem = 4096000 87380000 4194304000
It was previously:
net.ipv4.tcp_mem = somenumber somenumber 393,216 <<<--- WTF!
x1000 for my read values (it's an access server only). I can't benchmark the server right now so let me know if you have any suggestions besides this. I do think that this was the problem. When under load images could not be accessed either.
Is it possible to query for a list of system users using the API RPC? I know it's possible with a MySQL query
Code:
select id, login, account_id from sys_users order by login;
I've searched through the API RPC manual, but I don't see a way to do this. I always have to specify a filter, I can't find a way to just query for all users.
After some recents updates (currently running on: 12.0.18 Update #19) appeared a problem with connecting to FTP for passive mode users:
Connect ok!
"/" is the current directory
Get directory
227 Entering Passive Mode
550 Access is denied.
Server logs:
/var/log/messages
Oct 14 12:11:26 host xinetd[3692]: START: ftp pid=2709 from=::ffff:xxx.xxx.xxx.xxx
Oct 14 12:11:26 host proftpd[2709]: processing configuration directory '/etc/proftpd.d'
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - FTP session opened.
But:
/var/log/secure:
Oct 14 12:11:26 host proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
Oct 14 12:11:26 host proftpd: PAM adding faulty module: /lib64/security/pam_stack.so
Oct 14 12:11:26 host proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - USER client: Login successful.
ad1: yes, i do have passive ports configured in /etc/proftpd.conf and FW is properly configured
ad2: everything was fine until recent updates
ad3: this is happening only for passive users only
ad4: we are experiencing this issues across all Plesk instances [6x] on CentOS 6.5 with 12.0.18 Update #19Â
I am looking for a way to prevent panel users i created to change their passwords.
When i try to edit user roles, i can check/uncheck capabilities, but nothing on user password change.
I've tried to search information on this but both Google and this forum are flooded by "users password change" regarding "Horde", which i don't use.
I want to create a webpage where users can make a SRV record. I thought this is possible with the Plesk API but i dont have any expierance with the API. How to create it?
View 3 Replies View RelatedIn my documents I have command:
# mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa -e "select name from domains" | grep -v 'name' > domains.txt; while read i; do echo $i; /usr/local/psa/bin/domain_pref -i $i | grep nonexistent; done < domains.txtClick to expand...
I am experiencing a weird issue after a Plesk upgrade (from 11 to 12, installed on Ubuntu 12.04).
FTP/SFTP is not working for all users in one specific domain. When using the latest Filezilla client, I receive the following error when I try to connect in SFTP with the main user of this domain
Error: Received unexpected end-of-file from SFTP server
Error: Could not connect to serverClick to expand...
I am trying to set the server to reject all mail to non existent users for all domains.
I found this post [URL] but that is for a previous version of Plesk and no longer seems accurate.
Is it possible to configure this setting for all domains at once?
I have plesk12 set up but when i set a mail (dovecot) password, it gets stored in plain text (which I can verify by running /usr/local/psa/admin/sbin/mail_auth_view ). I would like to change this default setting to be encrypted.
View 4 Replies View RelatedOn my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server.
What I want to do is to make the users can only connect to their own databases and not other's.
I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)
We are running the latest Plesk 12 under CentOS 7.
While I can see the App Owncloud as Admin in the Application Vault my users cannot see that particular app in their Application pool. They can see all other apps though. Just not Owncloud.
All resellers and customers are allowed to install everything from the pool and i selected Owncloud in the Vault already and "made it available" .. Though it is not shown.