How to add programs to chrooted shell environment template in Plesk?

Question

How to add programs to chrooted shell environment template in Plesk?

Answer

Note: If you notice that you have to add more and more software into the chrooted environment template for a few customers, you may want to consider offering them an upgrade for their hosting to dedicated or virtual servers.

1. Connect to the server via SSH.

2. Run the following commands to download and unpack the script attached to this article:

   # curl -o update-chroot.sh https://raw.githubusercontent.com/plesk/kb-scripts/master/update-chroot/update-chroot.sh

   # chmod 700 update-chroot.sh

   Note: Execute ./update_chroot.sh --help for other options such as locale.

   Not all software can operate in chroot environment. Refer to the corresponding software's documentation to make sure that particular program can be added to chroot environment.

3. Refer to the following examples on how to add a program to the chrooted environment:

   Note: Further examples require SSH Access to the server and the update_chroot.sh script to be downloaded and unpacked.

   SSH Client

   To add an SSH command into the chrooted environment template, follow these steps:

   1. Add the terminal device inside the chrooted environment template:

      # ./update-chroot.sh --devices tty

      Note: Without access to /dev/tty, SSH will not be able to work.

   2. Add the SSH executable file itself:

      # ./update-chroot.sh --add ssh

   3. Apply changes to one or several specific domains:

      # ./update-chroot.sh --apply example-1.com example-2.com

      or to all domains at once:

      # ./update-chroot.sh --apply all

   Now, it is possible to use SSH client while logged in as the domain's user.

   Adding OS-provided PHP

   Some programs require not only libraries with which the main binary is linked, but also configuration files and plugins. An example of such a program is PHP.

   Note: Adding PHP to the chrooted environment will not benefit the security of PHP scripts on the website since PHP scripts are executed in a non-chrooted context by the web-server or by FPM process pool.

   1. PHP binary:

      # ./update-chroot.sh --add php

   2. Set the variable for the correct Plesk vhost path:

      # VHOSTS=`grep HTTPD_VHOSTS_D /etc/psa/psa.conf | awk '{print $2}'`

   3. Add timezone definitions:

      # mkdir $VHOSTS/chroot/usr/share
      # cp -a /usr/share/zoneinfo $VHOSTS/chroot/usr/share/zoneinfo

      Warning: Without them, PHP will produce the error whenever date/time functions are used:
      glibc detected php: free(): invalid pointer: 0x00007f11249fccd8 ***

   4. Add PHP extensions. They are not added on the first step because PHP binary does not depend on them:

      • For RHEL/CentOS:

        # for i in /usr/lib64/php/modules/*.so ; do ./update-chroot.sh --add $i ; done

      • For Ubuntu/Debian:

        # for i in /usr/lib/php/modules/*.so ; do ./update-chroot.sh --add $i ; done

      Note: The path to the modules directory differs between Linux distributions. To find out where PHP modules are stored on the server, run php -i | grep -E "^extension_dir"

   5. Copy the PHP configuration:

      # mkdir -p $VHOSTS/chroot/etc
      # cp -a /etc/php.ini /etc/php.d $VHOSTS/chroot/etc/

      Note: The path to the configuration files differs between Linux distributions. To…