Hi guys,
I am testing out Plesk control panel 12 - looks promising, but the moment I hit chroot-ed environment, many things go wrong.
Set up:
Virtual server, running Linux (64 bit Ubuntu 14.04 Server LTS);
Plesk Control Panel 12.0.18, Update #14;
Currently running on a trial license;
Brand new installation on a dedicated server;
I have two disks, one is for system stuff, plus Plesk; second disk is supposed to be dedicated to /var and /home
root@testthing:/var/log# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 40G 8.7G 29G 24% /
....
/dev/vdb1 493G 2.9G 465G 1% /disk2
root@testthing:/var/log# mount
/dev/vda1 on / type ext4 (rw,errors=remount-ro)
....
/dev/vdb1 on /disk2 type ext4 (rw)
root@testthing:/# ls -l /
total 4194416
drwxr-xr-x 2 root root 4096 Aug 16 20:59 bin
....
drwxrwxr-x 5 root root 4096 Aug 16 16:23 disk2
lrwxrwxrwx 1 root root 11 Aug 16 16:24 home -> /disk2/home
drwxr-xr-x 3 root root 4096 May 8 11:57 home.old
lrwxrwxrwx 1 root root 10 Aug 16 16:41 var -> /disk2/var
drwxr-xr-x 12 root root 4096 May 8 11:53 var.old
(To save space, I've removed the regular stuff that is everywhere and makes no difference for this case ... I think)
The Plesk installation went just fine; update ran fine; I can register customers, their websites run fine ... as long as they get no shell at all, or regular shell to the server.
BUT: we need to jail all our customers under chroot. If that is not possible, we can't use Plesk.
I created a Service plan cloned from the Default domain plan and changed it only to give the users ssh access to the server with a chroot env.
When I try to register a new client with this new service plan, it fails with lots of error messages (one per directory it tries to make), like this:
chrootmng: cannot set permissions for "/var/www/vhosts/demowh1.blah.blah/lib":Too many levels of symbolic links
...
Dropping the GUI and experimenting in a shell, as root: If I run:
root@testthing:/usr/local/psa/admin/sbin# ./chrootmng --create --source=/var/www/vhosts/chroot/ --target=/var/www/vhosts/demowh1.blah.blah
open_basedir_with_nofollow: opeat failed: `var', Too many levels of symbolic links
chrootmng: cannot set permissions for "/var/www/vhosts/demowh1.blah.blah/lib":Too many levels of symbolic links
open_basedir_with_nofollow: opeat failed: `var', Too many levels of symbolic links
chrootmng: cannot set permissions for "/var/www/vhosts/demowh1.blah.blah/lib/x86_64-linux-gnu":Too many levels of symbolic links
open_basedir_with_nofollow: opeat failed: `var', Too many levels of symbolic links
....
but, if I run it like this:
root@testthing:/usr/local/psa/admin/sbin# ./chrootmng --create --source=/var/www/vhosts/chroot/ --target=/disk2/var/www/vhosts/demowh1.blah.blah
it proceeds to make a copy of all directories where it should.
so, at this point I am pretty sure that the problem is my link between /var and /disk2.
Still, I want to keep the user data on a separate disk from the system/plesk data.
How do I fix this?
Thank you for reading this far and for any help and suggestions that you might have for me,
- Shantal
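The failure mode behind the errors above, as an added example that is not part of the original post and is not Plesk's code. It assumes, from the `open_basedir_with_nofollow` message, that chrootmng opens each path component with O_NOFOLLOW; the temporary directory layout and the function names are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk `path` (relative to rootfd) one component at a time, refusing to
 * follow a symlink at any level. Returns 0 or the errno of the failing open. */
static int walk_nofollow(int rootfd, const char *path)
{
    char buf[4096], *save = NULL;
    int fd = dup(rootfd), err = 0;
    if (fd < 0) return errno;
    snprintf(buf, sizeof buf, "%s", path);
    for (char *c = strtok_r(buf, "/", &save); c; c = strtok_r(NULL, "/", &save)) {
        int next = openat(fd, c, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
        if (next < 0) {               /* a symlink component yields ELOOP */
            err = errno;
            fprintf(stderr, "openat failed: `%s', %s\n", c, strerror(err));
            break;
        }
        close(fd);
        fd = next;
    }
    close(fd);
    return err;
}

/* Constructed layout mirroring the post: <tmp>/disk2/var/www exists and
 * <tmp>/var is a symlink to disk2/var. Returns the walk result for `path`. */
static int demo(const char *path)
{
    char tmpl[] = "/tmp/nofollow-demo-XXXXXX";
    if (!mkdtemp(tmpl)) return -1;
    int root = open(tmpl, O_RDONLY | O_DIRECTORY);
    if (root < 0 || mkdirat(root, "disk2", 0755) || mkdirat(root, "disk2/var", 0755) ||
        mkdirat(root, "disk2/var/www", 0755) || symlinkat("disk2/var", root, "var"))
        return -1;
    int rc = walk_nofollow(root, path);
    unlinkat(root, "var", 0);         /* clean up the constructed tree */
    unlinkat(root, "disk2/var/www", AT_REMOVEDIR);
    unlinkat(root, "disk2/var", AT_REMOVEDIR);
    unlinkat(root, "disk2", AT_REMOVEDIR);
    close(root);
    rmdir(tmpl);
    return rc;
}

int main(void) { return !(demo("var/www") == ELOOP && demo("disk2/var/www") == 0); }
```

A bind mount, or mounting the second disk directly at /var, presents a real directory at that component, so a walk of this kind does not hit ELOOP there.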