Applicable to:
- Plesk for Linux
Question
How to add programs to chrooted shell environment template in Plesk?
Answer
Note: If you notice that you have to add more and more software into the chrooted environment template for a few customers, you may want to consider offering them an upgrade for their hosting to dedicated or virtual servers.
-
Connect to the server via SSH.
-
Run the following commands to download and unpack the script attached to this article:
# curl -o update-chroot.sh https://raw.githubusercontent.com/plesk/kb-scripts/master/update-chroot/update-chroot.sh
# chmod 700 update-chroot.sh
Note: Execute
./update_chroot.sh --help
for other options such aslocale
.PLESK_WARN: Not all software can operate in chroot environment. Refer to the corresponding software's documentation to make sure that particular program can be added to chroot environment.
Please note that three other articles have links to this script:
https://plesk-new.zendesk.com/hc/en-us/articles/12377475066391
https://plesk-new.zendesk.com/hc/en-us/articles/12377594375703
https://plesk-new.zendesk.com/hc/en-us/articles/12377589132951 -
Refer to the following examples on how to add a program to the chrooted environment:
Note: Further examples require SSH Access to the server and the
update_chroot.sh
script to be downloaded and unpacked.SSH ClientTo add an SSH command into the chrooted environment template, follow these steps:
-
Add the terminal device inside the chrooted environment template:
# ./update-chroot.sh --devices tty
Note: Without access to
/dev/tty
, SSH will not be able to work. -
Add the SSH executable file itself:
# ./update-chroot.sh --add ssh
-
Apply changes to one or several specific domains:
# ./update-chroot.sh --apply example-1.com example-2.com
or to all domains at once:
# ./update-chroot.sh --apply all
Now, it is possible to use SSH client while logged in as the domain's user.
Adding OS-provided PHPSome programs require not only libraries with which the main binary is linked, but also configuration files and plugins. An example of such a program is PHP.
Note: Adding PHP to the chrooted environment will not benefit the security of PHP scripts on the website since PHP scripts are executed in a non-chrooted context by the web-server or by FPM process pool.
-
PHP binary:
# ./update-chroot.sh --add php
-
Set the variable for the correct Plesk vhost path:
# VHOSTS=`grep HTTPD_VHOSTS_D /etc/psa/psa.conf | awk '{print $2}'`
-
Add timezone definitions:
# mkdir $VHOSTS/chroot/usr/share
# cp -a /usr/share/zoneinfo $VHOSTS/chroot/usr/share/zoneinfoWarning: Without them, PHP will produce the error whenever date/time functions are used:
glibc detected php: free(): invalid pointer: 0x00007f11249fccd8 ***
-
Add PHP extensions. They are not added on the first step because PHP binary does not depend on them:
-
For RHEL/CentOS:
# for i in /usr/lib64/php/modules/*.so ; do ./update-chroot.sh --add $i ; done
-
For Ubuntu/Debian:
# for i in /usr/lib/php/modules/*.so ; do ./update-chroot.sh --add $i ; done
Note: The path to the modules directory differs between Linux distributions. To find out where PHP modules are stored on the server, run
php -i | grep -E "^extension_dir"
-
-
Copy the PHP configuration:
# mkdir -p $VHOSTS/chroot/etc
# cp -a /etc/php.ini /etc/php.d $VHOSTS/chroot/etc/Note: The path to the configuration files differs between Linux distributions. To find out where PHP configuration is stored, run
php -i | grep -E "^Configuration File|^Scan this dir for additional"
-
Set up default timezone in the main configuration file:
# sed -i.bkp 's/;date.timezone =/date.timezone = Europe\/Zurich/' $VHOSTS/chroot/etc/php.ini
Note: By default the
date.timezone
variable is not set, which can result in some PHP scripts failing to parse the output ofdate("r")
call, because it will return a warning before returning date. -
Apply changes to one or several specific domains:
# ./update-chroot.sh --apply example-1.com example-2.com
or to all domains at once:
# ./update-chroot.sh --apply all
Note: Changes will not be applied if the Access to the server over SSH value in Plesk > Domains > example.com > Web Hosting Access differs from /bin/bash (chrooted).
Adding Plesk PHPSome programs require not only libraries with which the main binary is linked, but also configuration files and plugins. An example of such a program is PHP.
Note: Adding PHP to the chrooted environment will not benefit the security of PHP scripts on the website (as PHP scripts are executed in a non-chrooted context by web-server or by FPM process pool).
-
Set a variable for the PHP version that you want to add:
# PHPPATH='/opt/plesk/php/7.4'
Note: to find the available version use
ls -d /opt/plesk/php/*
-
Add the PHP binary:
# ./update-chroot.sh --add $PHPPATH/bin/php
-
Set the variable for the correct Plesk vhost path:
# VHOSTS=`grep HTTPD_VHOSTS_D /etc/psa/psa.conf | awk '{print $2}'`
-
Add timezone definitions:
# mkdir $VHOSTS/chroot/usr/share
# cp -a /usr/share/zoneinfo $VHOSTS/chroot/usr/share/zoneinfoWarning: Without them, PHP will produce the error whenever date/time functions are used:
glibc detected php: free(): invalid pointer: 0x00007f11249fccd8 ***
-
Add PHP extensions. They are not added on the first step because PHP binary does not depend on them.
-
For RHEL/CentOS:
# for i in $PHPPATH/lib64/php/modules/*.so; do ./update-chroot.sh --add $i; done
-
For Ubuntu/Debian:
# for i in $PHPPATH/lib/php/modules/*.so; do ./update-chroot.sh --add $i; done
-
-
Copy the PHP configuration:
# mkdir -p $VHOSTS/chroot$PHPPATH/etc/
# cp -a $PHPPATH/etc/ $VHOSTS/chroot$PHPPATH/; rm -rf $VHOSTS/chroot$PHPPATH/etc/php-fpm.d -
Set up default timezone:
# sed -i.bkp 's/;date.timezone =/date.timezone = Europe\/Zurich/' $VHOSTS/chroot/$PHPPATH/etc/php.ini
Note: By default the
date.timezone
variable is not set, which can result in some PHP scripts failing to parse the output ofdate("r")
call, because it will return a warning before returning date. -
Apply changes to one or several specific domains:
# ./update-chroot.sh --apply example-1.com example-2.com
or to all domains at once:
# ./update-chroot.sh --apply all
Note: Changes will not be applied if the Access to the server over SSH value in Plesk > Domains > example.com > Web Hosting Access differs from "/bin/bash (chrooted)".
Note: Use the full path to executable as user, e.g.:
$ $PHPPATH/bin/php -v
Adding ldconfigNote:
ldconfig
is automatically installed byupdate_chroot.sh
1.2 and newer when a new application is added to the template.-
Set the variable for the correct Plesk vhost path:
# VHOSTS=`grep HTTPD_VHOSTS_D /etc/psa/psa.conf | awk '{print $2}'`
-
Add required folders and files to the template:
# cp -a /etc/ld.so.conf* $VHOSTS/chroot/etc
-
Add ldconfig to the template to rebuild paths:
# ./update-chroot.sh --add ldconfig
-
Update the linker's configuration:
# chroot $VHOSTS/chroot /bin/sh -c "ldconfig -v"
-
Apply changes to subscriptions:
# ./update-chroot.sh --apply all
-
Comments
0 comments
Please sign in to leave a comment.