1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

chroot environment

Discussion in 'Plesk for Linux - 8.x and Older' started by Aristo, Aug 19, 2005.

  1. Aristo

    Aristo Guest

    0
     
    Hi!

    I want to know if you guys can access mysql program from shell when the permission are /bin/bash (chrooted) for a domain.

    When it's in /bin/bash it works fine, but the client can see the other vhost domain by doing ls.

    Can someone tell me if its possible to lock the client in his root using /bin/bash (chrooted) option but can access program that are in /usr/bin

    I know that in Ensim, every chroot environment have is own /usr/bin folder but not in Plesk.

    Thank you in advance.
     
  2. mian

    mian Guest

    0
     
    you can probably do this by changing the chroot template in /home/httpd/vhosts/chroot that gets installed for each domain. you would have to copy mysql and the libraries it requires to the chroot (ldd /usr/bin/mysql will show you the libraries required, libmysqlclient will probably be there) and then somehow get /var/lib/mysql/mysql.sock into the chroot, maybe via a symlink if thats possible to outside the chroot, maybe mount --bind not sure if it works for files though does for directories.
     
  3. Aristo

    Aristo Guest

    0
     
    I was wondering if it exist a true chroot jail in Plesk with that /usr/bin without doing a work around.

    Best regards,
     
  4. CCHickman

    CCHickman Regular Pleskian

    25
    40%
    Joined:
    Oct 11, 2003
    Messages:
    112
    Likes Received:
    0
    The best work-around is to copy mysql into the chroot template with all needed libraries into .../chroot/lib ... then include a text file in your bin dir --

    mysql_readme

    and write in there that users must execute mysql as:

    mysql -h 127.0.0.1 --username=[YOURUSERNAME] --password=[YOURPASSWORD] --database=[dbname]


    -h uses TCP/IP to connect bypassing the need for mysql.sock
     
Loading...