1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How to run cron tasks with a chrooted user that uses PHP?

Discussion in 'Plesk 11.x for Linux' started by BezNu, Jan 7, 2013.

  1. BezNu

    BezNu New Pleskian

    22
    73%
    Joined:
    Dec 10, 2007
    Messages:
    12
    Likes Received:
    0
    I tried to add PHP to chroot following this article:

    http://kb.parallels.com/818

    Unfortunately nothing changes after I run:

    ./recreate_chroot_env /usr/bin/php /usr/share/zoneinfo

    It does get a usr/bin/php directory in the ${HTTPD_VHOSTS_D}/chroot directory. But when I apply this to a domain by using the method described in the article, after I run the cron task it still ends up telling me this:

    -: /var/www/vhosts/....: No such file or directory

    (This is a cron job that uses PHP and has the comment #!/usr/bin/php on top, and also has execute rights for all users)
     
  2. MislavO

    MislavO Regular Pleskian

    16
    85%
    Joined:
    Jul 20, 2012
    Messages:
    271
    Likes Received:
    1
    Location:
    Croatia
    You manage to successfully add command into crooted shell? Have you tried to login in chroot and try it?

    Although I didn't try to add php command to chrooted shell, I only added "rysnc, nano, svn, find, etc....." (for some of them next command won't be enough, but for some it was all i have to do):
    http://blog.jandorsman.com/2011/10/...its-shared-libraries-to-a-chrooted-directory/

    Replace "rysnc" from example in command you want to add in chrooted shell (command will also copy all the dependincies and that is just AWESOME).
     
    Last edited: Jan 7, 2013
  3. BezNu

    BezNu New Pleskian

    22
    73%
    Joined:
    Dec 10, 2007
    Messages:
    12
    Likes Received:
    0
    > You manage to successfully add command into crooted shell? Have you tried to login in chroot and try it?
    >
    I tried changing the FTP access details for the Plesk system user that is registered with the subscription to '/bin/bash (chrooted)'. After that the same error came up.

    See, PHP is in the chroot directory:

    -rwxr-xr-x 1 root root 3479184 Jan 4 09:58 php
    [root@.....]# pwd
    /var/www/vhosts/chroot/usr/bin
     
  4. stefan taylor

    stefan taylor New Pleskian

    11
     
    Joined:
    Jan 4, 2013
    Messages:
    16
    Likes Received:
    0
    Will this solution help me on cron jobs

    Hi All,

    I have put my own post in this forum with no luck at all - no answers.

    No cron job will run under the system user when i set in schedule task under the domain in question. When I log in under root and run the command directly all is fine, i really need crons to run under the domains themselves.

    Can any of you point me in the right direction. I am not a plesk wizard even if i was i dont think it would help anyway.

    Thanks in advance.

    Stefan.
     
  5. BezNu

    BezNu New Pleskian

    22
    73%
    Joined:
    Dec 10, 2007
    Messages:
    12
    Likes Received:
    0
    Hi Stefan, though your question is off-topic, I can answer this. In Plesk you will need to go to Subscriptions -> <your subscription> -> Websites & Domains -> FTP Access -> The first user in the list (unfortunately this is the only one that can run cron tasks) -> then you have "Access to the server over SSH" where you need to select /bin/bash in order to get taks running with all commands on the server.
     
  6. BezNu

    BezNu New Pleskian

    22
    73%
    Joined:
    Dec 10, 2007
    Messages:
    12
    Likes Received:
    0
    I must add to this topic that it's a huge shame that no Plesk technician is answering this topic!! It really is a weird situation that you have to allow FTP users full shell access in order to enable them to run cron taks serverwide. This requires an answer from Plesk's side!
     
  7. stefan taylor

    stefan taylor New Pleskian

    11
     
    Joined:
    Jan 4, 2013
    Messages:
    16
    Likes Received:
    0
    Hi BezNu,

    Yeah sorry for gatecrashing the thread but as per you final shout in this thread no Plesk boys around to answer.

    However you are a legend for sorting this out for me and solved my issues - its been a nightmare finding the issue, in previous panels it was a set and forget solution.

    now i can crack on.

    Again thank you very much and i am going to start a fresh thread with you solution so others do not have to search forever and get nowhere.

    thanks,

    Stefan.
     
  8. BezNu

    BezNu New Pleskian

    22
    73%
    Joined:
    Dec 10, 2007
    Messages:
    12
    Likes Received:
    0
    Hi Stefan, please do mind that you are opening up your server to the outside world this way, making it vulnerable. If someone now steals your FTP user's credentials, he will surely be able to login to SSH and have full access to your server binaries. This happened to me more than once in the past.

    That's why I think it's insane that Plesk altered the behaviour in this way and made this the only possible solution. I still hope a Plesk technician will notice this topic and at least post a decent reply about it...
     
  9. stefan taylor

    stefan taylor New Pleskian

    11
     
    Joined:
    Jan 4, 2013
    Messages:
    16
    Likes Received:
    0
    Hi BezNu,

    Well that's absolutely mental, I can not afford to have my server as a sitting duck. I manage the server directly myself and i only host for my clients which i manage directly anyway.

    Why has plesk set it like this, is there a more secure way i can run cron jobs (i need them - we all need them)?

    How can i get the atention of a plesk technician? Surley they must be aware of the risks they have just created and that users will need to run cron jobs???????

    Regards,

    Stefan.
     
  10. BezNu

    BezNu New Pleskian

    22
    73%
    Joined:
    Dec 10, 2007
    Messages:
    12
    Likes Received:
    0
    Stefan, you can run them chrooted, but then you only have the basic commands available that are in /var/www/vhosts/chroot (usually, depending on how your Plesk is set up). As I pointed out when I started this topic, there's a kb 818 that describes a method to add other binaries to this chroot environment. However, this doesn't work as you can read.

    In old Plesk (8 / 9), all system users were able to run cron tasks with full access to the server. This was not a big deal when you closed down the external SSH access for these users, which was separated.

    It drives me crazy why Plesk changed this feature into something that asks from the end user to open up his server to vulnerabitilies. In the end, Plesk was created to make server administration an easy and secure job. Most Plesk end users cannot even work with shell commands such as the one I mentioned and nobody as of yet presented a successful method of adding PHP to the chrooted shell.

    I sent a contact message to the webmaster just yet, hopefully this will draw some attention...
     
  11. stefan taylor

    stefan taylor New Pleskian

    11
     
    Joined:
    Jan 4, 2013
    Messages:
    16
    Likes Received:
    0
    Ok I see, lets hope they do pay attention to this as you said plesk is meant to make things easier....

    again thanks for the help earlier.

    stefan.
     
  12. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,575
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
  13. Red Paint

    Red Paint Basic Pleskian

    26
    23%
    Joined:
    Aug 19, 2009
    Messages:
    78
    Likes Received:
    1
    Thanks BezNu, this was the problem with our Cron too. I've done this before for Cron jobs but hadn't set one up recently enough to remember this. Many thanks!
     
Loading...