Patching chroot template directory

[Michael Mealling]

Plesk 9.2.3 on RHEL 5.6

As we patch the server the distance between what version of the OS the server is running and what is in a site's chroot jail gets larger and larger. Is it safe to update the binaries and libraries in /var/www/vhosts/chroot and if so, is there a preferred method? The "chrootmng" script is so opaque that I can't quite tell what it would do.

 

[Michael Mealling]

Solution found in installation RPM (understand this script before you use it!)

(Thanks to ##plesk!)

Plesk 9.2.3 and beyond do not have a method to recreate the /var/www/vhosts/chroot jail template. It is created during installation but once installed it begins to drift from what the system files are as you patch the base operating system. In order to bring the chroot jails in sync with your internal patch schedule you need to rebuild the template every time you patch. Here's how to do it.

The attached script is based on the script that is part of the original installation RPM. I have not verified that this works on anything other than RHEL 5.6. You should look at it before you just run it as is. The only argument is the directory where it will build the template. I have also commented out the bit that runs chrootmng to remove and rebuild the jails for all of your vhosts. You should probably do that manually. What I usually do is create chroot.new and run this script on that directory. Then run chrootmng to remove the existing jails. Verify that all are removed by checking the hardlinks count for the files in the old jail template. Then move the old chroot template to chroot.old and then chroot.new to chroot. Then run chrootmng to recreate the jails based on the new source.