Good morning to all. We have a problem with ISPConfig 3 trying to use jailkit for users. It seems that the system does not create the correct directories under the user. For example, we have created another PHP version v5.5.17 according to http://www.howtoforge.com/how-to-bu...opcache-and-apcu-for-ispconfig3-debian-wheezy We have added a jailkit php section in /etc/jailkit/jk_init.ini like Code: [php] comment = the php interpreter and libraries executables = /opt/php-5.5.17/bin/php directories = /opt/, /opt/php-5.5.17/, /opt/php-5.5.17/bin/, /opt/php-5.5.17/etc/, /opt/php-5.5.17/include/, /opt/php-5.5.17/lib/, /opt/php-5.5.17/php/, /opt/php-5.5.17/sbin/, /opt/php-5.5.17/var/ and when we run jk_init -f -j /var/www/clients/client1/web1 php we get Code: # jk_init -f -j /var/www/clients/client1/web1 php Traceback (most recent call last): File "/usr/sbin/jk_init", line 240, in <module> main() File "/usr/sbin/jk_init", line 237, in main activateConfig(config, jail, args) File "/usr/sbin/jk_init", line 157, in activateConfig ji.handle_cfg_section(config,jail,cfg,section) File "/usr/sbin/jk_init", line 107, in handle_cfg_section self.didfiles = jk_lib.copy_binaries_and_libs(chroot, paths2, config['force'], config['verbose'], 1, try_hardlink=config['hardlink'],try_glob_matching=1,handledfiles=self.didfiles) File "/usr/share/jailkit/jk_lib.py", line 640, in copy_binaries_and_libs create_parent_path(chroot,os.path.dirname(file), be_verbose, copy_permissions=1, allow_suid=0, copy_ownership=retain_owner) File "/usr/share/jailkit/jk_lib.py", line 462, in create_parent_path os.mkdir(jailpath, 0755) OSError: [Errno 13] Permission denied: '/var/www/clients/client1/web1/opt' We have seen that neither root can create an opt directory under /var/www/clients/client1/web1/ So, what should we do to correctly create php5.5 extension for jailkit? Kind regards to all, Panos.
you can not run jailkiat manually like this. if ispconfig runs jailkit, then it ensures that the web folder protection (immuttable attribute) is removed first and activated again after the jail is created. so if you create a jail manually (which is not recommended as it can conflict with ispconfig), then you have to remove the immutable bit on the jail root /var/www/clients/client1/web1/ first as well and set it again after you created the jail.
Dear Till, We want to be compatible with ISPConfig 3 and we do not want to corrupt any production environment we have... From what you have said we understand that we should only edit the /etc/jailkit/jk_init.ini file and then what? How would we enable php in a user via ISPConfig 3? What would you suggest? If we cannot do it via ISPConfig what are the commands we should run so as to be compatible with ISPConfig? Thank you in advance, Panos.
Dear Till, please verify the following: To change something in a client web folder, i.e. /var/www/clients/client1/web1 you must first turn off the immutable bit on this folder lsattr /var/www/clients/client1/web1 chattr -i /var/www/clients/client1/web1 (do update on folders) chattr +i /var/www/clients/client1/web1 lsattr /var/www/clients/client1/web1 Example to allow a php version to ssh users assigned to a web site... We first create the appropriate section in jailkit configuration file: Code: vi /etc/jailkit/jk_init.ini [php] comment = the php interpreter and libraries executables = /opt/php-5.5.17/bin/php directories = /opt/php-5.5.17/ then we run Code: chattr -i /var/www/clients/client1/web1 jk_init -f -j /var/www/clients/client1/web1 php chattr +i /var/www/clients/client1/web1 Of course, it would be useful to login as the user and configure the PATH environmental variable... (login as the ssh user you have created) Code: vi .profile export PATH=/opt/php-5.5.17/bin/:$PATH vi .bashrc export PATH=/opt/php-5.5.17/bin/:$PATH After I have modified jk_init.ini, I tried to create a new website, and then, a new shell user, but php was not automatically copied under the jaikit root structure. I had to use the above commands... Would you know why is that? Kind regards to all, Panos.
By adding a section to jk_init.ini you only define it's name and dependent files, in order for it to be installed for users when chroot is create you either need to add it in web interface "System/Server Config/Jailkit/Jailkit chroot app sections" or add it to include of one of the existing sections which are being installed by default. I'd choose second option as more cfg-management friendly.