chroot environment

[Aristo]

Hi!

I want to know if you guys can access mysql program from shell when the permission are /bin/bash (chrooted) for a domain.

When it's in /bin/bash it works fine, but the client can see the other vhost domain by doing ls.

Can someone tell me if its possible to lock the client in his root using /bin/bash (chrooted) option but can access program that are in /usr/bin

I know that in Ensim, every chroot environment have is own /usr/bin folder but not in Plesk.

Thank you in advance.

 

[mian]

you can probably do this by changing the chroot template in /home/httpd/vhosts/chroot that gets installed for each domain. you would have to copy mysql and the libraries it requires to the chroot (ldd /usr/bin/mysql will show you the libraries required, libmysqlclient will probably be there) and then somehow get /var/lib/mysql/mysql.sock into the chroot, maybe via a symlink if thats possible to outside the chroot, maybe mount --bind not sure if it works for files though does for directories.

 

[Aristo]

I was wondering if it exist a true chroot jail in Plesk with that /usr/bin without doing a work around.

Best regards,

 

[CCHickman]

The best work-around is to copy mysql into the chroot template with all needed libraries into .../chroot/lib ... then include a text file in your bin dir --

mysql_readme

and write in there that users must execute mysql as:

mysql -h 127.0.0.1 --username=[YOURUSERNAME] --password=[YOURPASSWORD] --database=[dbname]


-h uses TCP/IP to connect bypassing the need for mysql.sock