Article ID: 117243, created on Sep 13, 2013, last review on May 11, 2014

  • Applies to:
  • Plesk Automation

Symptoms

Chrooted shell access is enabled in hosting settings of subscription. But when customer tries to login by SSH, the following "Permission denied" error is displayed:

ssh testssh@1.2.3.4
execv("/bin/bash") failed
system error: Permission denied
Connection to 1.2.3.4 closed.

Access using non-chrooted shell works.

Cause

Wrong permissions on files in /var/www/vhosts/chroot/ directory

Resolution

  1. Make sure that 'Other' users have read permissions on libraries in chrooted environment template as below:

    # ls -la /var/www/vhosts/chroot/lib
    drwxr-xr-x  2 root root    4096 May 20 22:43 .
    drwxr-xr-x 10 root root    4096 May 20 22:43 ..
    -rwxr-xr-x  3 root root  129476 Jan  8  2013 ld-linux.so.2
    -rwxr-xr-x  3 root root   36468 Jan  8  2013 libnss_compat.so.2
    -rwxr-xr-x  3 root root  825028 May 13  2010 libnss_db.so.2
    -rwxr-xr-x  3 root root   21948 Jan  8  2013 libnss_dns.so.2
    -rwxr-xr-x  3 root root   50848 Jan  8  2013 libnss_files.so.2
    -rwxr-xr-x  3 root root   22764 Jan  8  2013 libnss_hesiod.so.2
    -rwxr-xr-x  3 root root 3208608 Jan  9  2013 libnss_ldap.so.2
    -rwxr-xr-x  3 root root   55804 Jan  8  2013 libnss_nisplus.so.2
    -rwxr-xr-x  3 root root   46624 Jan  8  2013 libnss_nis.so.2
    
    
    # ls -la /var/www/vhosts/chroot/lib64
    drwxr-xr-x  2 root root    4096 May 20 22:43 .
    drwxr-xr-x 10 root root    4096 May 20 22:43 ..
    -rwxr-xr-x  3 root root  142488 Jan  8  2013 ld-linux-x86-64.so.2
    -rwxr-xr-x  3 root root   25624 Feb 22  2012 libacl.so.1
    -rwxr-xr-x  3 root root   15560 Jan  6  2007 libattr.so.1
    -rwxr-xr-x  3 root root    7832 Jan  9  2013 libcom_err.so.2
    -rwxr-xr-x  3 root root 1364912 May 29  2012 libcrypto.so.6
    -rwxr-xr-x  3 root root   45728 Jan  8  2013 libcrypt.so.1
    -rwxr-xr-x  3 root root 1720736 Jan  8  2013 libc.so.6
    -rwxr-xr-x  3 root root   20424 Jan  8  2013 libdl.so.2
    -rwxr-xr-x  3 root root  188328 Feb 22  2012 libgssapi_krb5.so.2
    -rwxr-xr-x  3 root root  151176 Feb 22  2012 libk5crypto.so.3
    -rwxr-xr-x  3 root root    7176 Jan  6  2007 libkeyutils.so.1
    -rwxr-xr-x  3 root root  611312 Feb 22  2012 libkrb5.so.3
    -rwxr-xr-x  3 root root   33480 Feb 22  2012 libkrb5support.so.0
    -rwxr-xr-x  3 root root  411192 Jan  6  2007 libncursesw.so.5
    -rwxr-xr-x  3 root root  111480 Jan  8  2013 libnsl.so.1
    -rwxr-xr-x  3 root root  230840 Jan  9  2013 libnspr4.so
    -rwxr-xr-x  3 root root 1232280 Jan  9  2013 libnss3.so
    -rwxr-xr-x  3 root root   43128 Jan  8  2013 libnss_compat.so.2
    -rwxr-xr-x  3 root root  791488 May 13  2010 libnss_db.so.2
    -rwxr-xr-x  3 root root   27832 Jan  8  2013 libnss_dns.so.2
    -rwxr-xr-x  3 root root   53880 Jan  8  2013 libnss_files.so.2
    -rwxr-xr-x  3 root root   24736 Jan  8  2013 libnss_hesiod.so.2
    -rwxr-xr-x  3 root root 3176144 Jan  9  2013 libnss_ldap.so.2
    -rwxr-xr-x  3 root root   62944 Jan  8  2013 libnss_nisplus.so.2
    -rwxr-xr-x  3 root root   53544 Jan  8  2013 libnss_nis.so.2
    -rwxr-xr-x  3 root root  151592 Jan  9  2013 libnssutil3.so
    -rwxr-xr-x  3 root root  127720 Mar 31  2011 libpcre.so.0
    -rwxr-xr-x  3 root root   15624 Jan  9  2013 libplc4.so
    -rwxr-xr-x  3 root root   11624 Jan  9  2013 libplds4.so
    -rwxr-xr-x  3 root root  146840 Jan  8  2013 libpthread.so.0
    -rwxr-xr-x  3 root root   89880 Jan  8  2013 libresolv.so.2
    -rwxr-xr-x  3 root root   50288 Jan  8  2013 librt.so.1
    -rwxr-xr-x  3 root root   92960 Mar  6  2011 libselinux.so.1
    -rwxr-xr-x  3 root root  245232 Mar 31  2010 libsepol.so.1
    -rwxr-xr-x  3 root root   13320 Jan  6  2007 libtermcap.so.2
    -rwxr-xr-x  3 root root   15280 Jan  8  2013 libutil.so.1
    -rwxr-xr-x  3 root root   83280 Jul 17  2012 libz.so.1
    
  2. If other users do not have read permissions, add as below:

    # chmod o+r /var/www/vhosts/chroot/lib64/*
    

e0aff7830fa22f92062ee4db78133079 caea8340e2d186a540518d08602aa065

Email subscription for changes to this article
Save as PDF