• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

How to run cron tasks with a chrooted user that uses PHP?

BezNu

New Pleskian
I tried to add PHP to chroot following this article:

http://kb.parallels.com/818

Unfortunately nothing changes after I run:

./recreate_chroot_env /usr/bin/php /usr/share/zoneinfo

It does get a usr/bin/php directory in the ${HTTPD_VHOSTS_D}/chroot directory. But when I apply this to a domain by using the method described in the article, after I run the cron task it still ends up telling me this:

-: /var/www/vhosts/....: No such file or directory

(This is a cron job that uses PHP and has the comment #!/usr/bin/php on top, and also has execute rights for all users)
 
You manage to successfully add command into crooted shell? Have you tried to login in chroot and try it?

Although I didn't try to add php command to chrooted shell, I only added "rysnc, nano, svn, find, etc....." (for some of them next command won't be enough, but for some it was all i have to do):
http://blog.jandorsman.com/2011/10/...its-shared-libraries-to-a-chrooted-directory/

Replace "rysnc" from example in command you want to add in chrooted shell (command will also copy all the dependincies and that is just AWESOME).
 
Last edited:
> You manage to successfully add command into crooted shell? Have you tried to login in chroot and try it?
>
I tried changing the FTP access details for the Plesk system user that is registered with the subscription to '/bin/bash (chrooted)'. After that the same error came up.

See, PHP is in the chroot directory:

-rwxr-xr-x 1 root root 3479184 Jan 4 09:58 php
[root@.....]# pwd
/var/www/vhosts/chroot/usr/bin
 
Will this solution help me on cron jobs

Hi All,

I have put my own post in this forum with no luck at all - no answers.

No cron job will run under the system user when i set in schedule task under the domain in question. When I log in under root and run the command directly all is fine, i really need crons to run under the domains themselves.

Can any of you point me in the right direction. I am not a plesk wizard even if i was i dont think it would help anyway.

Thanks in advance.

Stefan.
 
Hi Stefan, though your question is off-topic, I can answer this. In Plesk you will need to go to Subscriptions -> <your subscription> -> Websites & Domains -> FTP Access -> The first user in the list (unfortunately this is the only one that can run cron tasks) -> then you have "Access to the server over SSH" where you need to select /bin/bash in order to get taks running with all commands on the server.
 
I must add to this topic that it's a huge shame that no Plesk technician is answering this topic!! It really is a weird situation that you have to allow FTP users full shell access in order to enable them to run cron taks serverwide. This requires an answer from Plesk's side!
 
Hi BezNu,

Yeah sorry for gatecrashing the thread but as per you final shout in this thread no Plesk boys around to answer.

However you are a legend for sorting this out for me and solved my issues - its been a nightmare finding the issue, in previous panels it was a set and forget solution.

now i can crack on.

Again thank you very much and i am going to start a fresh thread with you solution so others do not have to search forever and get nowhere.

thanks,

Stefan.
 
Hi Stefan, please do mind that you are opening up your server to the outside world this way, making it vulnerable. If someone now steals your FTP user's credentials, he will surely be able to login to SSH and have full access to your server binaries. This happened to me more than once in the past.

That's why I think it's insane that Plesk altered the behaviour in this way and made this the only possible solution. I still hope a Plesk technician will notice this topic and at least post a decent reply about it...
 
Hi BezNu,

Well that's absolutely mental, I can not afford to have my server as a sitting duck. I manage the server directly myself and i only host for my clients which i manage directly anyway.

Why has plesk set it like this, is there a more secure way i can run cron jobs (i need them - we all need them)?

How can i get the atention of a plesk technician? Surley they must be aware of the risks they have just created and that users will need to run cron jobs???????

Regards,

Stefan.
 
Stefan, you can run them chrooted, but then you only have the basic commands available that are in /var/www/vhosts/chroot (usually, depending on how your Plesk is set up). As I pointed out when I started this topic, there's a kb 818 that describes a method to add other binaries to this chroot environment. However, this doesn't work as you can read.

In old Plesk (8 / 9), all system users were able to run cron tasks with full access to the server. This was not a big deal when you closed down the external SSH access for these users, which was separated.

It drives me crazy why Plesk changed this feature into something that asks from the end user to open up his server to vulnerabitilies. In the end, Plesk was created to make server administration an easy and secure job. Most Plesk end users cannot even work with shell commands such as the one I mentioned and nobody as of yet presented a successful method of adding PHP to the chrooted shell.

I sent a contact message to the webmaster just yet, hopefully this will draw some attention...
 
Ok I see, lets hope they do pay attention to this as you said plesk is meant to make things easier....

again thanks for the help earlier.

stefan.
 
Hi Stefan, though your question is off-topic, I can answer this. In Plesk you will need to go to Subscriptions -> <your subscription> -> Websites & Domains -> FTP Access -> The first user in the list (unfortunately this is the only one that can run cron tasks) -> then you have "Access to the server over SSH" where you need to select /bin/bash in order to get taks running with all commands on the server.

Thanks BezNu, this was the problem with our Cron too. I've done this before for Cron jobs but hadn't set one up recently enough to remember this. Many thanks!
 
Back
Top