Article ID: 115842, created on Mar 27, 2013, last review on Jun 17, 2016

Applies to:

  • Plesk 12.5 for Linux
  • Plesk 12.0 for Linux
  • Plesk 11.0 for Linux
  • Plesk 11.5 for Linux
  • Plesk 10.1 for Linux/Unix

Usage Instructions

Run the following commands to download, unzip, make executable, and execute the script on your server:

# wget http://kb.plesk.com/Attachments/kcs-19590/chroot_update.zip
# unzip chroot_update.zip
# chmod +x chroot_update.sh
# ./chroot_update.sh --help

The command will display this "help" message:

# ./chroot_update.sh --help
Manage chrooted template in /var/www/vhosts/chroot and apply it to domains.

Usage:
  ./chroot_update.sh --install
  ./chroot_update.sh --update
    Create default chrooted environment or update existing one
    using actual libraries from the system.

  ./chroot_update.sh --add <path>
    Add program to chrooted environment. All linked libraries
    will be copied as well. Program will always be put in /bin
    directory of chrooted environment.

  ./chroot_update.sh --devices
    Add additional devices to chrooted environment template. List
    of devices added includes: /dev/tty, /dev/urandom, /dev/ptmx
    and /dev/zero. Useful for some commands like 'rsync', 'ssh' etc.

  ./chroot_update.sh --remove <domain,...>
  ./chroot_update.sh --remove all
    Remove chrooted environment from specific domains (comma-separated
    list) or all domains with enabled chrooted shell if no domains are
    given. Useful if full re-initialization of chrooted shell environment
    on domain is needed.

  ./chroot_update.sh --apply <domain,...>
  ./chroot_update.sh --apply all
    Apply new chrooted template to specific domains (comma-separated
    list) or all domains with enabled chrooted shell if no domains
    are given. This operation is necessary to apply changes done by
    '--install', '--add' and '--devices' commands to specific or all
    domains.

Example 1: Adding SSH

To add the SSH command into the chrooted environment template, follow these steps:

  1. Add standard devices inside the chrooted environment template. Without access to /dev/tty, SSH will not be able to work:

    # ./chroot_update.sh --devices  
    
  2. Add the SSH utility itself:

    # ./chroot_update.sh --add `which ssh`
    
  3. Copy the file /etc/resolv.conf to the chrooted environment template manually (since the script is only intended for adding binaries and their dependent libraries or shell scripts):

    # cp /etc/resolv.conf /var/www/vhosts/chroot/etc/
    
  4. Apply the changes either to selected domains (given as a comma-separated list) or to all domains at once:

    # ./chroot_update.sh --apply all
    

Now it is possible to use SSH while logged in as the domain's user.

Example 2: Adding PHP to chrooted environment

Some programs require not only libraries with which the main binary is linked, but also configuration files and plug-ins. An example of such a program is PHP.

Although adding PHP to the chrooted environment will not benefit the security of PHP scripts on the website (as PHP scripts are executed in a non-chrooted context by Apache or FastCGI/CGI processes), it may be useful for the development and debugging of PHP scripts.

Note: This section applies only to the system PHP and not to additional PHP versions.

To add PHP to the chrooted environment template, follow these steps:

  1. Add the PHP binary itself:

    # ./chroot_update.sh --add `which php`
    
  2. Add timezone definitions. Without them, PHP will produce the error "*** glibc detected *** php: free(): invalid pointer: 0x00007f11249fccd8 ***" whenever date/time functions are used:

    # mkdir -p /var/www/vhosts/chroot/usr/share
    # cp -a /usr/share/zoneinfo /var/www/vhosts/chroot/usr/share
    
  3. Add PHP modules. They are not added in the first step because the PHP binary is not dynamically linked with these libraries. Adding the modules with '--add' also places copies of them in the bin directory of the chrooted environment template; remove those copies afterward:

    # for f in /usr/lib64/php/modules/*.so ; do ./chroot_update.sh --add "$f" ; done
    # rm -f /var/www/vhosts/chroot/bin/*.so
    

    Note: The path to the modules directory may be different on your system. To find out where PHP modules are stored on the server, run the following command:

    # php -i | grep extension_dir
    
  4. Copy PHP modules to the correct directory in the chrooted environment template:

    # mkdir -p /var/www/vhosts/chroot/usr/lib64
    # cp -a /usr/lib64/php /var/www/vhosts/chroot/usr/lib64
    
  5. Copy the PHP configuration:

    # cp -a /etc/php.ini /etc/php.d /var/www/vhosts/chroot/etc
    

    Note: Paths to configuration files may be different depending on your operating system. For example, on a default Plesk installation on Debian, the loaded configuration file is stored in /etc/php5/cli/php.ini . Additional .ini files are stored in /etc/php5/cli/conf.d instead of /etc/php.d.

    Note: If the domain is set up to use PHP as a CGI/FastCGI application, it is better to omit this step, as php.ini is managed by Plesk. To adjust PHP settings, go to Websites & Domains tab > domain > PHP Settings tab.

  6. Apply the changes:

    # ./chroot_update.sh --apply all
    

    You may run the following command if changes are not required for all domains:

    # ./chroot_update.sh --apply <domain,...>
    

    Note: The changes will not be applied if the type of shell access for a particular user is set to /bin/false ('Forbidden' in the Parallels Plesk Panel GUI).
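
An added check, not part of chroot_update.sh or of the original article: before running '--apply', list the shared libraries that a program or PHP module needs but that are still missing from the template. The function names are hypothetical, the sample ldd output is constructed, and the default template path is the one used in this article.

```shell
#!/bin/sh
# Added example: find shared libraries missing from a chroot template.

# Extract absolute library paths from ldd-style output on stdin.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # libc.so.6 => /lib64/libc.so.6 (0x...)
        $1 ~ /^\//               { print $1 }        # /lib64/ld-linux-x86-64.so.2 (0x...)
    '
}

# Read ldd output on stdin; print every library absent under chroot root $1.
missing_in_chroot() (
    root=$1
    ldd_paths | sort -u | while IFS= read -r lib; do
        [ -e "$root$lib" ] || printf '%s\n' "$lib"
    done
)

# Check a real binary or module against the template, e.g.:
#   check_program /usr/bin/php
#   for m in /usr/lib64/php/modules/*.so; do check_program "$m"; done
check_program() (
    prog=$1
    root=${2:-/var/www/vhosts/chroot}
    ldd "$prog" | missing_in_chroot "$root"
)

# Constructed sample of ldd output (addresses are made up).
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd2a5f2000)
	libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f2a1c000000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f2a1b800000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f2a1c600000)'

# Build a throwaway template holding only libc and the loader, then check it.
demo() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/lib64"
    : > "$root/lib64/libc.so.6"
    : > "$root/lib64/ld-linux-x86-64.so.2"
    printf '%s\n' "$SAMPLE_LDD" | missing_in_chroot "$root"
    rm -rf "$root"
)

demo
```

An empty result from check_program means every library the binary links against is present in the template; files loaded at run time (PHP modules, configuration, zoneinfo) are not visible to ldd and still have to be copied as described above.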

Important Note

Chrooted access for domain owners is not intended to be the equivalent of full server access. Instead, it is designed to be a helpful tool to perform elementary operations like changing permissions, copying and moving files, and performing test searches on files. If you notice that you have to add more and more software into the chrooted environment template for a small number of customers, you may want to consider offering them an upgrade for their hosting to dedicated or virtual servers.

