domain directory ownership

[joshb]

I've got a VPS using Plesk, and when I create a new domain Plesk creates a home folder for it in /var/www/vhosts/domainname. This directory is owned by the root user and group. Unfortunately, this means that any time I want to add a file to that directory (such as .bash_profile, etc), I need to do it via root or sudo. Is there a security issue with changing its ownership to the domain's SSH user? I want to make sure I'm not compromising my setup's security for some ease of use.

Thanks,

Josh

[JPC-Veena]

Hi Josh,

Plesk developers swsoft says that folder permissions are set the way they are for security reasons, better not mess with it. You can try the 'private' folder in there for all files you need to be able to access via ftp, but not via web.

[joshb]

Hi Josh,

Plesk developers swsoft says that folder permissions are set the way they are for security reasons, better not mess with it. You can try the 'private' folder in there for all files you need to be able to access via ftp, but not via web.

I'm not worried about making files ftp-accessible while locking out web access, I'm more interested in preference files that are created when using various command-line tools via SSH.

My question was, "Is there a security issue with changing its ownership to the domain's SSH user?" Granted, that is a yes/no question, but I'm more interested in the specific reason as to why the /var/www/vhosts/domainname folder's permissions shouldn't be owned by the domain owner, rather than root. Yes, I know it's slightly less secure than those files being owned by root, but that's the case for any file on the system. It's also a pain for my clients to have to ask me to do any tweaks to those directories because they don't have root access.

It's very common when using shared hosting that the files in your area are owned by your user, not root. How is this different?

Thanks,

Josh

[Vin DSL]

Er...

I *think* you guys are talking apples n' oranges.

Joshb is talking 'owners' and Veena is talking 'permissions'...

I don't consider these to be the same thing. Am I wrong about this?

[JPC-Veena]

VinDSL, I meant to say ownership too
Josh, every control panel has its limitations. If you want to know why it is made the way it is, you will need to ask swsoft, if you open a ticket, we could contact them and ask them about it for you too.

It's very common when using shared hosting that the files in your area are owned by your user, not root. How is this different?

Well, that would be the case on cPanel, but not on plesk or even on many other control panels which use a chroot environment.

[joshb]

Er...

I *think* you guys are talking apples n' oranges.

Joshb is talking 'owners' and Veena is talking 'permissions'...

I don't consider these to be the same thing. Am I wrong about this?

Agreed, this can be easy to mix up. To be clear, I am talking about *ownership*, while leaving the user/group/world permissions set as they were.

Thanks for the note, Vin DSL.

[joshb]

VinDSL, I meant to say ownership too
Josh, every control panel has its limitations. If you want to know why it is made the way it is, you will need to ask swsoft, if you open a ticket, we could contact them and ask them about it for you too.

It's very common when using shared hosting that the files in your area are owned by your user, not root. How is this different?

Well, that would be the case on cPanel, but not on plesk or even on many other control panels which use a chroot environment.

OK, so it looks like this is partly a case of me being new to Plesk. Admittedly, all of my previous hosting experience has been with cPanel. I was hoping it was just some obvious security issue that I was missing/misunderstanding. This is something that I'm definitely interested in knowing, though, so I'll open up a support ticket on it.

Thanks Veena,

Josh