1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Cron jobs run in chrooted environment!!

Discussion in 'Plesk 11.x for Linux' started by BezNu, Jan 4, 2013.

  1. BezNu

    BezNu New Pleskian

    22
    73%
    Joined:
    Dec 10, 2007
    Messages:
    12
    Likes Received:
    0
    I am sorry, but this is the weirdest feature in Plesk 10 / 11 I have ever found and I am really unhappy with it!

    Default behaviour of Plesk is to run cron jobs in a chrooted environment, causing loads of problems, because php and other software are NOT in this chrooted environment.

    This causes problems, such as:

    "-: .... : No such file or directory" or "sudo: command not found", etc.

    The solution offered to this by various people is to enable FULL SHELL access to the MAIN FTP USER of the domain! :O

    Please read the line above again... this is a huge security risk!!!!

    I have tried several things, such as:

    1) Creating an additional FTP user -> Problem: You cannot give shell access to additional FTP users
    2) Trying to find out how to create an additional system user -> Problem: I couldn't find any proper documentation on how to do this

    So basically I am completely stuck here, I wish there was a way to simply get the "old cron behaviour" back in Plesk 10 / 11 where cron tasks could simply access all of the server's software without limitations.


    Does anybody know a way to do this?


    Other solution offered was to get all the scripts / binaries / etc you want cron to be able to run in a chrooted shell, I tried this with PHP but this is as far as I can see an impossible way to go. (Dependencies........)
     
  2. RutgerH

    RutgerH New Pleskian

    19
    85%
    Joined:
    Nov 27, 2009
    Messages:
    17
    Likes Received:
    0
  3. BezNu

    BezNu New Pleskian

    22
    73%
    Joined:
    Dec 10, 2007
    Messages:
    12
    Likes Received:
    0
    Unfortunately, this is exactly what I mentioned when I said:


    Because, when you run that command, you will enable full shell access to the main FTP users of every domain, which I really don't want to do. Seriously, I had issues with stolen FTP passwords more than once and then it is better to have one subscription / domain hacked, than your entire server. Moreover, if you want to have SFTP, you need a chrooted shell.

    In good ol' Plesk crons did have access to all of the server, but the FTP users could have chrooted shell and this was not connected to cron access in any way.
     
Loading...