Innovative Open source WEB technologies for everyone

IOWEB Technologies

with our news and our solutions

ADD GIT TO PLESK ONYX 17.8.11 CHROOT IN DEBIAN JESSIE 8.11

A really common issue affecting users in their hosting environments is the lack of popular commands in a chrooted environment.

Since you don't want your users to be able to have root access to your server but you want them to be able to execute shell commands, it makes sense to set up a chroot jail. In this setup you have secured your server from your user since they cannot damage any directory tree other than the one assigned to them. It should be noted though, that it's possible to break out of a chroot jail but it is more than sufficient protection against unintentional damage. So you should use it when you trust your users.

After you've setup PLESK and enabled chroot for a subscriber, you will quickly find that many programs like git are not available. This is mostly due to the fact that many programs require access to devices and services that are generally not available since they are out of scope for chroot. Hovever adding them is not that hard.

For example some popular requests are: ssh, tty and urandom. Luckily PLESK has provided a handy tool called  update_chroot.sh that you can download from here. Now the following commands will allow these popular requests to be accessible within the chrooted environment:

 First of all download the PLESK tool to your home folder as root.

 
~/update_chroot.sh --add ssh
~/update_chroot.sh --devices tty
~/update_chroot.sh --devices /dev/urandom
 

Our focus in this article is GIT which is a must have for any developer and has found uses even with normal users. The following commands allow GIT to be executed in a PLESK chrooted directory.

 
mkdir -p /var/www/vhosts/chroot/usr/share/git-core/templates
cp -raL /usr/share/git-core/templates/ /var/www/vhosts/chroot/usr/share/git-core/templates
~/update_chroot.sh --add /usr/bin/tr
~/update_chroot.sh --add /usr/bin/git
~/update_chroot.sh --add /usr/bin/dirname /usr/bin/wc /usr/bin/perl /usr/bin/tput /usr/bin/basename
~/update_chroot.sh --add /usr/bin/git*
~/update_chroot.sh --add /usr/lib/git-core/*
cp -raL /usr/lib/git-core/* /var/www/vhosts/chroot/usr/lib/git-core/
 

After you're done with adding the necessary tools, you need to update the chroot environment for the subscription

e.g.

 
~/update_chroot.sh --apply ioweb.gr
 

*If any command isn't found in the previous locations you can search for it using `which <command>` for example `which tr` or `which basename`

Rate this item
(0 votes)

Related items

Comments powered by CComment

FIND US

Eptapirgiou 149, Sykies
ZIP: 56626
Thessaloniki

Tel: +302314012823


WORKING HOURS

Monday-Friday: 9:00 – 17:00

Search