Knowledge Base

How to chroot MySQL client for users in Plesk?

 
centoschrootcloudlinuxdatabasedatabases

Question

How to chroot MySQL client for users in Plesk?

Answer

Warning: It is not recommended to give access to MySQL in the chrooted environment as it is designed to isolate a system user from any system services. Proceed with the following steps at your own risk.

  1. Connect to the server via SSH;

  2. Download and unzip the update_chroot script:

    # wget https://plesk.zendesk.com/hc/article_attachments/360023025260/update_chroot.zip ; unzip update_chroot.zip && chmod +x update_chroot.sh

  3. Add the mysql command and all the required files to the chrooted environment and apply it to all domain:

    # ./update_chroot.sh –add mysql
    # ./update_chroot.sh –apply all

    • Afterwards, it should be possible to use the mysql command as follows:

      # mysql -u db_user -p -h127.0.0.1 db_name

    • In order to access the database without the -h127.0.0.1 option, create the /var/www/vhosts/example.com/.my.cnf file with the following content:

      # cat /var/www/vhosts/example.com/.my.cnf
      [mysql]
      host=127.0.0.1

  4. Mount a MySQL socket under the domain’s chrooted shell:

Do not recommend mounting it via /etc/fstab for the following reason:

When the customer decides to remove the domain, by doing so its vhost will be deleted.

That means the corresponding fstab entry must be removed too, otherwise, the next reboot will bring you to the emergency mode, and the default target (multi-user.target) will not come up.
During the boot procedure, systemd tries to mount everything under the /etc/fstab file – if one single typo exists or one or more mount point fails, the server becomes unbootable until you fix that via an attached console. 

For CentOS/RHEL/CloudLinux:

  • Create the following directory for the corresponding domain:

    # mkdir -p /var/www/vhosts/example.com/var/lib/mysql

  • Bind the MySQL socket to the chrooted directory:

    # mount -o bind,ro /var/lib/mysql /var/www/vhosts/example.com/var/lib/mysql

For Debian/Ubuntu:

  • Create the following directory for the corresponding domain:

    # mkdir -p /var/www/vhosts/example.com/var/run/mysqld

  • Bind the MySQL socket to the chrooted directory:

    # mount -o bind,ro /var/run/mysqld /var/www/vhosts/example.com/var/run/mysqld

Additional Information

How to add programs to a chrooted shell environment template in Plesk 

Read the full article
Related Posts
Knowledge Base

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2021 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WordPress Toolkit

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt