This article will show, how to ban root or Administrator users from accessing Plesk. Plesk 18.0.38 and upgrades version include the SSH Terminal extension. To register as the root user to the SSH interface, the Plesk administrator can use this extension .<\/p>\n
By default Plesk runs utilities or scripts for the root user in the scenarios as follow:<\/p>\n
1st<\/sup>\u00a0Scenario:<\/strong><\/p>\n The task will be executed as root if a Plesk administrative manager creates a timed job and decides to run as root.<\/p>\n 2nd<\/sup>\u00a0Scenario:<\/strong><\/p>\n If an event manager is set up by a Plesk administrator and the assumed root command is run, the event handler\u00a0is activated.<\/p>\n 3rd<\/sup>\u00a0Scenario:<\/strong><\/p>\n When the Plesk administrator and\/or subscription owners are using the SSH terminal extension.<\/p>\n Have a look at the three root removal procedures:<\/strong><\/p>\n Procedure 1:<\/strong><\/p>\n Files are created in the\u00a0$PRODUCT ROOT D\/var\/ folder<\/strong>. It is the most reliable system-wide way to disable the root access including scheduled tasks, event handlers and the\u00a0SSH terminal<\/strong>.<\/p>\n 1. The\u00a0Server<\/strong>\u00a0as the root user will be joined by\u00a0SSH<\/strong>.<\/p>\n 2. Create a fresh file called root.crontab.lock in the $PRODUCT ROOT D\/var\/<\/strong>\u00a0directory. Users will not be permitted to do scheduled tasks or view planned work, which must thus be run as root.<\/p>\n 3. Create an empty file named\u00a0root.event handler.lock<\/strong>\u00a0in the\u00a0$PRODUCT ROOT D\/var\/ directory<\/strong>, As a result, users are unable to create event managers that run root.<\/p>\n 4. Once the previous two processes have been performed, SSH Terminal will not provide\u00a0root access<\/strong>.<\/p>\n NOTE: $PRODUCT ROOT D is \/usr\/local\/psa on RPM-based systems whereas \/opt\/psa is on Debian-based systems.<\/strong><\/p>\n Procedure 2:<\/strong><\/p>\n Only the SSH terminal root connection is given to the Plesk administrator, which can be stopped using\u00a0panel.ini<\/strong>. This does not prevent root access in\u00a0scheduled tasks<\/strong>\u00a0and\u00a0event managers<\/strong>.<\/p>\n 1.\u00a0Plesk\u00a0<\/strong>should then be logged in.<\/p>\n 2. Go to the\u00a0Extensions tab<\/strong>.<\/p>\n 3.\u00a0My Extensions<\/strong>\u00a0should then be selected.<\/p>\n 4. Open the\u00a0Panel.ini Editor<\/strong>\u00a0by simply click on it.<\/p>\n 5. The\u00a0Editor<\/strong>\u00a0option should then be selected.<\/p>\n 6. Execute the new text at the end of the file:<\/p>\n [login]<\/strong><\/p>\n systemAdmin = false<\/strong><\/p>\n 7. Restrict root access using the panel.ini menu.<\/p>\n [ext-ssh-terminal]<\/strong><\/p>\n rootAccessAllowed = false<\/strong><\/p>\n 8. Using the panel.ini menu\u00a0to the right. It will not be possible to set up it on a server if users add the \u2018SSH Terminal\u2019 extension to the blacklist.\u00a0[extensions]<\/strong><\/p>\n blacklist = ext-panel-editor<\/strong><\/p>\n 9. Press the\u00a0Save button<\/strong>.<\/p>\n Procedure 3:<\/strong><\/p>\n Both the\u00a0Plesk administrator<\/strong>\u00a0and\u00a0Subscription holders<\/strong>\u00a0can stop the SSH Terminal extension using panel.ini. This does not limit root access in\u00a0scheduled tasks<\/strong>\u00a0or\u00a0event handlers<\/strong>.<\/p>\n To the right, there\u2019s a panel.ini option. You won\u2019t be able to install the\u00a0\u2018SSH Terminal\u2019<\/strong>\u00a0extension on a server if you add it to the blacklist.<\/p>\n [extensions]<\/strong><\/p>\n blacklist = ext-ssh-terminal, ext-panel-editor<\/strong><\/p>\n Using this procedure, you can ban root or administrator users from accessing Plesk.<\/p>\n","protected":false},"excerpt":{"rendered":" This article will show, how to ban root or Administrator users from accessing Plesk. Plesk 18.0.38 and upgrades version include the SSH Terminal extension. To register as the root user to the SSH interface, the Plesk administrator can use this extension . By default Plesk runs utilities or scripts for the root user in the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-2643","post","type-post","status-publish","format-standard","hentry"],"yoast_head":"\n