How to add programs to a chrooted shell environment template

Follow

Comments

15 comments

  • Avatar
    Christian Toller

    This instruction worked fine for me. For both Plesk Onyx as well as version 12.5.

    One issue though: Executing php -v (or any other php command) resulted in errors that e.g. mysql.so could not be found.

     

    The above adds the OS version of PHP to the chroot environment, not the PHP executables that are used for the websites.

    I therefore replaced

    ./update_chroot.sh --add php

    with

    ./update_chroot.sh --add /opt/plesk/php/7.1/bin/php

    You may want to repeat that with other available php versions.

    For convenience I also linked that php binary to usr/bin:

    ln -s /opt/plesk/php/7.1/bin/php /var/www/vhosts/chroot/usr/bin/php

    Afterwards, of course, do a ./update_chroot.sh --apply <domain>|all

    0
    Comment actions Permalink
  • Avatar
    Alexandr Bashurov

    Hello,

    Could you please tell me if you did the step 3 with the Plesk PHP modules dir?
    To ensure that that modules and dependant libraries for them are correctly loaded, please, run the following command:
    # ./update_chroot.sh --add `/opt/plesk/php/7.1/bin/php -i | grep "^extension_dir" | awk '{ print $3"/*" }'`

    By doing that the error with mysql.so and other modules should be resolved.

    If the error persists, however, I would like you to tell me what OS do you use, so I could test and debug the script.

    0
    Comment actions Permalink
  • Avatar
    Christian Toller (Edited )

    Hi Alexandr,

    yes, I performed step 3. And I'm running CentOS 7.1.
    My problem description was unclear, let me add some detail.
    After following your instructions (all steps, same on Plesk Onyx and 12.5), running php inside the chrooted environment results in the following:

    bash-4.2$ php -v
    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/mysql.so' - libmysqlclient.so.18: cannot open shared object file: No such file or directory in Unknown on line 0
    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/mysqli.so' - libmysqlclient.so.18: cannot open shared object file: No such file or directory in Unknown on line 0
    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/pdo_mysql.so' - libmysqlclient.so.18: cannot open shared object file: No such file or directory in Unknown on line 0
    No entry for terminal type "xterm";
    using dumb terminal settings.
    PHP 5.4.16 (cli) (built: Nov 6 2016 00:29:02)
    Copyright (c) 1997-2013 The PHP Group
    Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
    with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured) v5.0.12, Copyright (c) 2002-2015, by ionCube Ltd.

    I thought that this might be caused by the fact that I added only the OS version of PHP, not the ones provided by Plesk.
    And indeed, adding e.g. /opt/plesk/php/7.0/bin/php to the chroot environment solves the issue completely:

    bash-4.2$ opt/plesk/php/7.0/bin/php -v
    PHP 7.0.24 (cli) (built: Sep 29 2017 12:48:34) ( NTS )
    Copyright (c) 1997-2017 The PHP Group
    Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies

    I added a symbolic link from usr/bin/php to opt/plesk/php/7.0/bin/php to have that php version in the PATH.
    With that, everything works fine inside chroot.

    Now, running the command you suggested

    # ./update_chroot.sh --add `/opt/plesk/php/7.0/bin/php -i | grep "^extension_dir" | awk '{ print $3"/*" }'`

    doesn't seem to change anything. After executing it and applying the new chroot template, I still get the same warnings as above if I call the OS version (5.6) of php and everything works just fine for the Plesk php version (7.0).

    The point is, because I want to use the same PHP version for delivering the website via http and when running some tests via PHP CLI within the chrooted shell, I'm not interested in getting the OS PHP version to work. As long as all the PHP versions from /opt/plesk/php are working, I'm happy.

    Does that make sense? ;)

    Christian Toller
    tethis IT
    Vienna, Austria

    0
    Comment actions Permalink
  • Avatar
    Alexandr Bashurov (Edited )

    Hello,

    Seems like CentOS 7 has a pretty different idea of which libraries should reside where. As a result, all mysql-related PHP modules which have a dependency on /usr/lib64/mysql/libmysqlclient.so.18 cannot find it.

    The library libmysqlclient.so.18 is placed in /usr/lib64/mysql/, which is a non-standard location for a shared library, so locations for shared libraries on CentOS 7 are appended with /usr/lib64/mysql/.

    update_chroot script (UPD: before 1.3), however, does not copy /etc/ld.so.conf and contents of /etc/ld.so.conf.d/ to the template, and as a result, OS-provided PHP cannot find the shared library throwing a bunch of warnings.

    As a result, it can be resolved this way:

    1. Add required folders and files to the template:
      # cp -a /etc/ld.so.conf* /var/www/vhosts/chroot/etc
    2. Add ldconfig to the template to rebuild paths:
      # ./update_chroot.sh --add ldconfig
    3. Log in to the chroot template:
      # chroot /var/www/vhosts/chroot
    4. Update the libraries paths':
      # ldconfig -v
    5. Apply changes to subscriptions:
      # ./update_chroot.sh --apply all

    After that OS-provided PHP should not return any warnings:
    # php -v
    No entry for terminal type "screen-256color";
    using dumb terminal settings.
    PHP 5.4.16 (cli) (built: Nov 6 2016 00:29:02)
    Copyright (c) 1997-2013 The PHP Group
    Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
    with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured) v5.0.18, Copyright (c) 2002-2015, by ionCube Ltd.

    UPD: As an alternative, update_chroot.sh 1.3 or newer can be used to automatically configure linker paths in chroot environment.

    0
    Comment actions Permalink
  • Avatar
    Senaka

    I have run the above command. But i'm getting this errors.How to fix it please 

    bash-4.2$ ./update_chroot.sh --add dash
    bash: ./update_chroot.sh: /usr/bin/env: bad interpreter: No such file or directory

    0
    Comment actions Permalink
  • Avatar
    Julian Bonpland Mignaquy

    Senaka could you send me the output of ls /usr/bin/env ?

    0
    Comment actions Permalink
  • Avatar
    Senaka

    [root@coreservers ~]# ls /usr/bin/env
    /usr/bin/env

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov (Edited )

    Hello @Senaka,

    Thank you.

    This means that /usr/bin/env exists on your server.

     

    Looks like initially, the command failed because being executed not as the root user: "bash-4.2$ ./update_chroot.sh --add dash" 

    All the commands form instruction are to be executed as root.

    0
    Comment actions Permalink
  • Avatar
    Ops-team

    Hello,

     

    The link to the tarball is not working right now:

     

    ~]$ wget https://plesk.zendesk.com/hc/article_attachments/360009607573/update_chroot.tar.gz
    --2020-04-23 15:18:21-- https://plesk.zendesk.com/hc/article_attachments/360009607573/update_chroot.tar.gz
    Auflösen des Hostnamen »plesk.zendesk.com (plesk.zendesk.com)«... 104.16.54.111, 104.16.53.111, 104.16.52.111, ...
    Verbindungsaufbau zu plesk.zendesk.com (plesk.zendesk.com)|104.16.54.111|:443... verbunden.
    HTTP-Anforderung gesendet, warte auf Antwort... 404 Not Found
    2020-04-23 15:18:21 FEHLER 404: Not Found.

     

    Just shows a blank page in browser; no download is starting.

    0
    Comment actions Permalink
  • Avatar
    Michael F.

    Greetings,

    I am trying to get the "screen" command working within in the chrooted

    I tried running the: "./update_chroot.sh --add screen" and then the --apply all to bring screen into the domains...

    when trying to start screen in the chrooted I am having issues that it states that "Must be connected to a Terminal.".

    As of some google stuff it says to mount (bind) the /dev/pts... as of trying this it results in:

    chrootmng: cannot link "/var/www/vhosts/<domain>/dev/pts/0": Invalid cross-device link

    also tried some other ways like linking or copying stuff... but not working... any ideas how to get screen in the chrooted?

     

    Regards

    0
    Comment actions Permalink
  • Avatar
    Francisco Garcia

    Hi Ops-team,

    Thanks, I've updated the article.

    0
    Comment actions Permalink
  • Avatar
    Francisco Garcia

    Hi Michael F.,

    According the script, the available devices that can be added are: "tty", "urandom", "random", "null", "ptmx" and "zero".

    pts isn't one of the ones available, and I'm not sure if this is possible.

    0
    Comment actions Permalink
  • Avatar
    Piotr Stawiski

    Amazing! Thank you very much. I was about to remove chroot for CD/CI reasons when I found this.
    I dag through so many internet threads on adding rsync to Plesk ssh but all answers were just "use ftp"
    Below did the trick:
    ./update_chroot.sh --add rsync
    ./update_chroot.sh --apply all

    1
    Comment actions Permalink
  • Avatar
    Websavers Inc

    Once these commands update the chroot environment at /var/www/vhosts/chroot, I take it these auto-apply to any future created subscriptions? Is there a good way to reset the chroot to Plesk defaults after having done all of this? We wish to allow access to PHP or Node binaries (for example) to only select chrooted shell accounts/subscriptions but then ensure future created subscriptions do not have those utilies by default (as it takes up a few hundred MB on disk each time).

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Websavers Inc

    The script attached to this article update_chroot.sh includes many functions and should help to achieve your goals.

    The full list of script options may be displayed with "./update_chroot.sh --help".

    > We wish to allow access to PHP or Node binaries (for example) to only select chrooted shell accounts/subscriptions but then ensure future created subscriptions do not have those utilies by default (as it takes up a few hundred MB on disk each time).

    Try this option:
    ./update_chroot.sh --apply [[domain] ... | all]
    Apply new chrooted template to specific domains or all domains with
    enabled chrooted shell. This operation is necessary to apply changes done
    by '--install', '--add' and '--devices' commands.

    > Is there a good way to reset the chroot to Plesk defaults after having done all of this?

    ./update_chroot.sh --rebuild
    Remove old template from all domains, rebuild it from scratch and
    reapply it. Only applications from /bin will be reinstalled.

     

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request