Issue Git - additional deploy actions : Limited access to binaries [Git extension bug: EXTGIT-22]

[Zéfyx]

Server operating system version

Ubuntu 24.04

Plesk version and microupdate number

v18.0.65_build1800241122.08

Hello,

Plesk Obsidian v18.0.65_build1800241122.08 os_Ubuntu 24.04


On the functionality "Enable additional deploy actions" on the git deployment, the access to binaries and executables are very very limited making
almost impossible to use this functionality even if the user of the subscription as SSH (type /bin/bash).

When using the terminal the user has access to php, composer and node because there are in the $PATH :

/var/www/vhosts/THE_DOMAIN/.phpenv/shims:/opt/plesk/phpenv/bin:
/var/www/vhosts/THE_DOMAIN/.nodenv/shims:/var/www/vhosts/THE_DOMAIN/.phpenv/shims:/opt/plesk/phpenv/bin:
/var/www/vhosts/THE_DOMAIN/.nodenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:
/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

Therefore a command like ``php bin/console cache:clear`` can be use.

BUT

the PATH provided to the deploys actions only contains ``/usr/bin:/bin`` (even if the user is still the same : verified with ``whoami``)

.PHONY: debugfromterminal debugfromdeployactions

debugfromterminal:
       @whoami > debugfromterminal.txt
       @echo "${PATH}" >> debugfromterminal.txt
       @which php >> debugfromterminal.txt
       @php --version >> debugfromterminal.txt
debugfromdeployactions:
       @whoami > debugfromdeployactions.txt
       @echo "${PATH}" >> debugfromdeployactions.txt
       @which php >> debugfromdeployactions.txt
       @php --version >> debugfromdeployactions.txt

"theuser1" execute "make debugfromterminal" from the terminal. The output in debugfromterminal.txt is :

theuser1
/var/www/vhosts/subscription.com/.phpenv/shims:/opt/plesk/phpenv/bin:/var/www/vhosts/subscription.com/.nodenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
/var/www/vhosts/the- subscription.com/.phpenv/shims/php
PHP 8.3.6 (cli) (built: Apr 12 2024 12:51:02) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.6, Copyright (c) Zend Technologies
with Zend OPcache v8.3.6, Copyright (c), by Zend Technologies

"theuser1" set the following command in the git deploy actions "make debugfromdeployactions" then manually (but also true on automatic) deploy. The output in debugfromdeployactions.txt is :

theuser1
/usr/bin:/bin

According Pablo A. from the plesk support team, on April 26, 2024 18:13 the bug has been identified as Git extension bug: EXTGIT-22:

Thanks to your help, this has been identified as a Git extension bug: EXTGIT-22. The observations you shared are entirely correct. Additional deployment actions are limited to the commands inside /usr/bin and /bin, and modifications of the PATH variable are ignored.

At the moment, there is no estimated time of a resolution from the development team,

This bug make impossible the auto deployment of framework application (eg symfony).

.PHONY: deploy

deploy:
    -composer install --no-dev --optimize-autoloader
    -composer dump-env prod
    -php bin/console cache:clear

 

[Sebahat.hadzhi]

Thank you for providing the details for the Plesk Community, @Zéfyx. Until the bug is fixed, you may try one of the following workarounds:

• Go to Domains > example.com > Git > Repository Settings and change the command in the Actions field by specifying the full path for the command, for example:
  From:
  examplecommand
  To:
  /usr/local/bin/examplecommand

• Go to Domains > example.com > Web Hosting Access. From the drop-down menu Access to the server over SSH select the /bin/bash.

• Execute the command below to create the symlink for the examplecommand in /bin directory:
  
  ln -s /usr/local/bin/examplecommand /bin/examplecommand
  

I hope that helps.

 

[Zéfyx]

Thank you for your response.
In the ticket #95252814 of April 26, 2024 , Pablo A. suggested something similar.

Unfortunately, this workaround is not applicable for user with SSH access of type "/bin/bash" (not "/bin/bash (chrooted)")
The folder "/usr/bin" (and /bin is a symlink of /usr/bin) is owned by root and contains binaries for the whole system.

Creating a symlink for "/.phpenv/shims/php" or "/.phpenv/shims/composer" from a subscription inside "/usr/bin" can lead to problems for the system.