Web Hosting Talk

plesk and shell access

dektong
11-13-2001, 02:42 AM
From another thread: (http://www.webhostingtalk.com/showthread.php?s=&threadid=25831)


You'll never want to provide shell access to your users if you're using plesk.


Can somebody please explain/elaborate on this? What seems to be the problem? I am asking this because I am planning to use Plesk and offer shell access (hence, the worry) soon.

cheers,
:beer:

eva2000
11-13-2001, 02:57 AM
http://forum.plesk.com/showthread.php?s=&threadid=65&highlight=offer+telnet+access ;)

Fremont Servers
11-13-2001, 02:59 AM
I think he means CPanel is rich in features. (Not sure if this is still true after the release of PSA v2.0.) PSA looks plain, but they are more stable.

dektong
11-13-2001, 03:05 AM
Originally posted by eva2000
http://forum.plesk.com/showthread.php?s=&threadid=65&highlight=offer+telnet+access ;)

Nothing I can really see why Plesk will seem to cause any problem with shell access ... All the comments I see are just saying general things, that shell access should be limited due to security reasons ... That I know, but what does it have to do with Plesk?

cheers,
:beer:

eva2000
11-13-2001, 03:12 AM
From what I understand from that statement, if you want to offer shell access to your users = use cpanel, but it could be a security risk

but if you don't want to be monitoring your server every second and want to be able to take a week off so to speak, use plesk = since by default it doesn't allow you to offer shell access (without editing the /etc/passwd file that is)

Could be wrong... I have never used plesk yet.

dektong
11-13-2001, 03:28 AM
Guys, I am sorry ... I quoted the wrong things ... the correct quote was supposed to be (also corrected above):


You'll never want to provide shell access to your users if you're using plesk.


I see now why I think your reply does not seem to answer my question/worry ... :D

cheers,
:beer:

Fremont Servers
11-13-2001, 03:47 AM
Now I am asking why? :eek:

dektong
11-13-2001, 03:58 AM
exactly ... that's what made me wonder in the first place ... I have never heard about any security problem with Plesk before that can be (easily) exploited by users with shell access ... if there is, then it must be some non-Plesk-specific issue ...

cheers,
:beer:

bitserve
11-13-2001, 06:51 AM
That's funny that eva2000 posted that link to the plesk forum, because the MarkA on that thread is me. :)

First of all, plesk really doesn't give users a home directory. What person in their right mind would make /usr/local/plesk/virtualdomains/username (if that's even right, it's been awhile since I've been logged onto a plesk server) someone's home directory?

Just look at the permissions on these directories, both for the user and the group. And what group are you going to put the user in?

I found that it was going to be pretty difficult to set permissions so that users couldn't access other users' home directories.

If someone will let me ssh into their plesk machine I'm sure that I can be more specific. I'm doing this from memory. :)

If I would have just known what Plesk was doing underneath the interface to set up accounts, I would have never used it. The demo on their web site should let you have shell access to see what it's doing. That's not really how you want to configure things for a multiple user system. If you're only going to have one system user, and lots of virtual users, it's fine.

This was 1.3.0 and 1.3.1. I have not used 2.0, but I doubt that it has changed.

muppie
11-13-2001, 07:14 AM
I tried psa 2 and it hasn't changed - the user home dir and the group...

node9
11-13-2001, 09:15 AM
I've never used plesk before
but I am assuming that if you really want shell access that bad you can just make sure /etc/passwd users have a correct shell, and install sshd

muppie
11-13-2001, 09:33 AM
Anyone who has installed redhat or any *nix would know that they can just set it in the passwd file.. that's not an issue.. the big issue here is that plesk doesn't seem to have a secure or standard way of dealing with user shell access.

Besides the more I think about it.... Plesk just won't cut it... it lacks so many features that users tend to expect now.. I am waiting and hoping for nocsoft to come out soon... it sounds very promising.

Chicken
11-13-2001, 09:33 PM
While that might be partially true muppie, you'd be surprised (I was at least) at how many people I ran into that thought the RaQ cp was 'complicated' and 'had too much stuff'. I know... baffled me too, but what I've *personally* found is that for all the discussion about cp's here, users actually log into and use the cp very little, and most often to set up a POP account, etc. That is my experience mind you, and different types of clients surely may use the cp more, but just thought I'd mention it.

Edit: This might not apply to something like WHM, as clients would set up domains as a reseller, etc., but I meant more for the end user type site owner type client.

muppie
11-14-2001, 12:51 AM
Chicken, you are correct, I myself in fact only use cpanel for POP accounts as you have said.. never used cron or anything else through the cp.

However those features do get some attention to get people to *signup*... well once they signed up they might find that they don't need all those bells and whistles but still as someone to choose between the two they'll tend to get "sucked in" by the one with more features... don't you agree?

dektong
11-14-2001, 01:02 AM
Originally posted by node9
but I am assuming that if you really want shell access that bad you can just make sure /etc/passwd users have a correct shell, and install sshd


That's not what I am asking :rolleyes:... bitserve explained it quite well ... Thanks guys ...

cheers,
:beer:

Chicken
11-14-2001, 10:51 AM
Originally posted by muppie
Chicken, you are correct, I myself in fact only use cpanel for POP accounts as you have said.. never used cron or anything else through the cp.

However those features do get some attention to get people to *signup*... well once they signed up they might find that they don't need all those bells and whistles but still as someone to choose between the two they'll tend to get "sucked in" by the one with more features... don't you agree?

Absolutely. I'd say that the packaging and the picture on the box are worth something (so to speak), and surely, there are users who'd actually use some of these features, so it can't hurt.

DHWWnet
11-15-2001, 05:21 AM
Originally posted by dektong
Can somebody please explain/elaborate on this? What seems to be the problem? I am asking this because I am planning to use Plesk and offer shell access


dek, there are no problems with Plesk and allowing shell access. Plesk by default does not allow this because of security concerns. Why not offer on-demand shell access?

If the user needs shell access then edit their login from /bin/false to /bin/bash and when they are not using it, change it back to /bin/false :D

Dylan
11-15-2001, 05:35 AM
The only problem you'll experience if you do that is that the user will be able to cd through your entire server and snoop (view) through your directories and files.

Yes, they'll be able to cd to /everything-and-anything-under-the-sun and be able to VIEW what's in there.

I'm sure you don't want that.
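
[Added example, not part of any post in this thread: a way to check the exposure bitserve and Dylan describe, by listing which accounts in a passwd-format file can log in and which home directories grant anything to group or other. The account names, the scratch `virtualdomains` layout and the function names are constructed for illustration and are not Plesk's real layout or tooling.]

```shell
#!/bin/sh
# Added example with constructed data; run it against a copy of /etc/passwd
# by calling login_users and exposed_homes on that file instead.

# Accounts whose shell field permits a login (empty field falls back to /bin/sh).
login_users() {
    awk -F: '$7 !~ /\/(false|nologin)$/ { print $1 }' "$1"
}

# Group and other permission characters of a directory, e.g. "r-xr-x".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Every home directory in the file that grants anything beyond its owner.
# Any login-capable account can browse a home whose "other" bits are set.
exposed_homes() {
    awk -F: '{ print $1 ":" $6 }' "$1" | while IFS=: read -r user home; do
        [ -d "$home" ] || continue
        bits=$(group_other_bits "$home")
        [ "$bits" = "------" ] || echo "$user $bits"
    done
}

# Constructed fixture: three site accounts under a scratch directory.
root=$(mktemp -d)
mkdir -p "$root/virtualdomains/alice" "$root/virtualdomains/bob" \
         "$root/virtualdomains/carol"
chmod 755 "$root/virtualdomains/alice"   # login shell, open home
chmod 700 "$root/virtualdomains/bob"     # login shell, private home
chmod 755 "$root/virtualdomains/carol"   # no login shell, but open home
cat > "$root/passwd" <<EOF
alice:x:1001:1001::$root/virtualdomains/alice:/bin/bash
bob:x:1002:1002::$root/virtualdomains/bob:/bin/bash
carol:x:1003:1003::$root/virtualdomains/carol:/bin/false
EOF

echo "login-capable accounts: $(login_users "$root/passwd" | tr '\n' ' ')"
echo "homes open beyond their owner:"
exposed_homes "$root/passwd"
```

In the fixture, carol has no shell of her own, yet her home is still listed because alice and bob can read it once they hold a login shell.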

pun84
12-07-2004, 06:53 PM
Yes, I've noticed this problem too. If I try to take off the read permission the whole site goes down. Isn't there any way to keep the person from going back directories?

SI-Chris
12-07-2004, 08:55 PM
pun84: You've dug up a 3 year old thread referring to a version of Plesk that doesn't exist anymore. You may want to either start a new thread or post in the Plesk forum (forum.sw-soft.com).