Print this page


A really common issue affecting users in their hosting environments is the lack of popular commands in a chrooted environment.

Since you don't want your users to be able to have root access to your server but you want them to be able to execute shell commands, it makes sense to set up a chroot jail. In this setup you have secured your server from your user since they cannot damage any directory tree other than the one assigned to them. It should be noted though, that it's possible to break out of a chroot jail but it is more than sufficient protection against unintentional damage. So you should use it when you trust your users.

After you've setup PLESK and enabled chroot for a subscriber, you will quickly find that many programs like git are not available. This is mostly due to the fact that many programs require access to devices and services that are generally not available since they are out of scope for chroot. Hovever adding them is not that hard.

For example some popular requests are: ssh, tty and urandom. Luckily PLESK has provided a handy tool called that you can download from here. Now the following commands will allow these popular requests to be accessible within the chrooted environment:

 First of all download the PLESK tool to your home folder as root.

~/ --add ssh
~/ --devices tty
~/ --devices /dev/urandom

Our focus in this article is GIT which is a must have for any developer and has found uses even with normal users. The following commands allow GIT to be executed in a PLESK chrooted directory.

mkdir -p /var/www/vhosts/chroot/usr/share/git-core/templates
cp -raL /usr/share/git-core/templates/ /var/www/vhosts/chroot/usr/share/git-core/templates
~/ --add /usr/bin/tr
~/ --add /usr/bin/git
~/ --add /usr/bin/dirname /usr/bin/wc /usr/bin/perl /usr/bin/tput /usr/bin/basename
~/ --add /usr/bin/git*
~/ --add /usr/lib/git-core/*
cp -raL /usr/lib/git-core/* /var/www/vhosts/chroot/usr/lib/git-core/

After you're done with adding the necessary tools, you need to update the chroot environment for the subscription


~/ --apply

*If any command isn't found in the previous locations you can search for it using `which <command>` for example `which tr` or `which basename`

Rate this item
(1 Vote)

Social Share

Related items