Question
How to chroot MySQL/MariaDB client for users in Plesk?
Answer
Warning: It is not recommended to give access to MySQL/MariaDB in the chrooted environment as it is designed to isolate a system user from any system services. Proceed with the following steps at your own risk.
-
Connect to the server via SSH;
-
Download and unzip the update-chroot script:
# wget https://raw.githubusercontent.com/plesk/kb-scripts/master/update-chroot/update-chroot.sh && chmod +x update-chroot.sh
-
Add the mysql command and all the required files to the chrooted environment and apply it to all domain:
# ./update-chroot.sh --add mysql
# ./update-chroot.sh --apply all-
Afterwards, it should be possible to use the mysql command as follows:
# mysql -u db_user -p -h127.0.0.1 db_name
-
In order to access the database without the
-h127.0.0.1option, create the/var/www/vhosts/example.com/.my.cnffile with the following content:# cat /var/www/vhosts/example.com/.my.cnf
[mysql]
host=127.0.0.1
-
-
Mount a MySQL/MariaDB socket under the domain's chrooted shell:
For CentOS/RHEL/CloudLinux:
-
Create the following directory for the corresponding domain:
# mkdir -p /var/www/vhosts/example.com/var/lib/mysql
-
Bind the MySQL socket to the chrooted directory:
# mount -o bind,ro /var/lib/mysql /var/www/vhosts/example.com/var/lib/mysql
For Debian/Ubuntu:
-
Create the following directory for the corresponding domain:
# mkdir -p /var/www/vhosts/example.com/var/run/mysqld
-
Bind the MySQL socket to the chrooted directory:
# mount -o bind,ro /var/run/mysqld /var/www/vhosts/example.com/var/run/mysqld
Additional Information
How to add programs to a chrooted shell environment template in Plesk