Question
How to add programs to chrooted shell environment template in Plesk?
Answer
Note: If you notice that you have to add more and more software into the chrooted environment template for a few customers, you may want to consider offering them an upgrade for their hosting to dedicated or virtual servers.
- Connect to the server via SSH.
- Run the following commands to download and unpack the script attached to this article:
# curl -o update-chroot.sh https://raw.githubusercontent.com/plesk/kb-scripts/master/update-chroot/update-chroot.sh
# chmod 700 update-chroot.sh
Note: Execute ./update-chroot.sh --help for other options such as locale.
Not all software can operate in a chroot environment. Refer to the corresponding software's documentation to make sure that a particular program can be added to the chroot environment.
- Refer to the following examples on how to add a program to the chrooted environment:
Note: Further examples require SSH access to the server and the update-chroot.sh script to be downloaded and unpacked.
SSH Client
To add an SSH command into the chrooted environment template, follow these steps:
- Add the terminal device inside the chrooted environment template:
# ./update-chroot.sh --devices tty
Note: Without access to /dev/tty, SSH will not be able to work.
- Add the SSH executable file itself:
# ./update-chroot.sh --add ssh
- Apply changes to one or several specific domains:
# ./update-chroot.sh --apply example-1.com example-2.com
or to all domains at once:
# ./update-chroot.sh --apply all
Now it is possible to use the SSH client while logged in as the domain's user.
Adding OS-provided PHP
Some programs require not only libraries with which the main binary is linked, but also configuration files and plugins. An example of such a program is PHP.
Note: Adding PHP to the chrooted environment does not improve the security of PHP scripts on the website, because PHP scripts are executed in a non-chrooted context by the web server or by the FPM process pool.
- Add the PHP binary:
# ./update-chroot.sh --add php
- Set the variable for the correct Plesk vhost path:
# VHOSTS=`grep HTTPD_VHOSTS_D /etc/psa/psa.conf | awk '{print $2}'`
- Add timezone definitions:
# mkdir $VHOSTS/chroot/usr/share
# cp -a /usr/share/zoneinfo $VHOSTS/chroot/usr/share/zoneinfo
Warning: Without them, PHP will produce the following error whenever date/time functions are used:
*** glibc detected *** php: free(): invalid pointer: 0x00007f11249fccd8 ***
- Add PHP extensions. They are not added in the first step because the PHP binary does not depend on them:
- For RHEL/CentOS:
# for i in /usr/lib64/php/modules/*.so ; do ./update-chroot.sh --add $i ; done
- For Ubuntu/Debian:
# for i in /usr/lib/php/modules/*.so ; do ./update-chroot.sh --add $i ; done
Note: The path to the modules directory differs between Linux distributions. To find out where PHP modules are stored on the server, run:
# php -i | grep -E "^extension_dir"
- Copy the PHP configuration:
# mkdir -p $VHOSTS/chroot/etc
# cp -a /etc/php.ini /etc/php.d $VHOSTS/chroot/etc/
Note: The path to the configuration files differs between Linux distributions. To…
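To confirm that a program or PHP module added with the steps above has every library it links against inside the template, the following added example (not part of this article's script or of Plesk) compares ldd output with the contents of the chroot directory. The function names are hypothetical, and it assumes the template mirrors the host's paths and that $VHOSTS is set as shown earlier.

```shell
#!/bin/sh
# Added example, not part of update-chroot.sh. Function names are hypothetical.

# Read `ldd` output on stdin and print the absolute path on each line.
# Matches "name => /path (0x...)" and "/path (0x...)"; lines without a
# path (linux-vdso, "not found") are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Read paths on stdin and print those that do not exist under chroot dir $1.
missing_in_chroot() {
    chroot_dir=$1
    while IFS= read -r path; do
        [ -e "$chroot_dir$path" ] || printf '%s\n' "$path"
    done
}

# Check one file (a binary or a PHP module): the file itself plus every
# shared object ldd reports for it. Returns 0 if all are present in the
# chroot directory, otherwise prints the missing paths and returns 1.
check_binary() {
    missing=$( { printf '%s\n' "$2"; ldd "$2" 2>/dev/null | ldd_paths; } \
               | sort -u | missing_in_chroot "$1" )
    [ -z "$missing" ] && return 0
    printf 'missing in %s:\n%s\n' "$1" "$missing"
    return 1
}

# Usage with the paths from this article (run as root on the Plesk server):
#   check_binary "$VHOSTS/chroot" "$(command -v php)"
#   for m in /usr/lib64/php/modules/*.so; do check_binary "$VHOSTS/chroot" "$m"; done
```

Any path it reports can be added with ./update-chroot.sh --add and the check repeated before running --apply.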