Hi all, I'm new to ISPConfig but learning fast. I'm on Debian 12 using nginx and used the perfect-script install (actually on Debian 11 and then updated to Debian 12) and have had success so far getting SSH users running with jailkit. I have hit a snag with wp-cli. After installing in root, it works fine with the following output: Code: OS: Linux 6.1.0-17-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 Shell: /bin/bash PHP binary: /usr/bin/php8.2 PHP version: 8.2.15 php.ini used: /etc/php/8.2/cli/php.ini MySQL binary: /usr/bin/mysql MySQL version: mysql Ver 15.1 Distrib 10.11.4-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper SQL modes: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION WP-CLI root dir: phar://wp-cli.phar/vendor/wp-cli/wp-cli WP-CLI vendor dir: phar://wp-cli.phar/vendor WP_CLI phar path: /root WP-CLI packages dir: WP-CLI cache dir: /root/.wp-cli/cache WP-CLI global config: WP-CLI project config: WP-CLI version: 2.9.0 I then added php and wp to the jailkit config with: Code: coreutils basicshell editors extendedshell netutils ssh sftp scp jk_lsh mysql-client git php wp and ran Code: jk_init -c /etc/jailkit/jk_init.ini -f -k -j /var/www/clients/client1/web4 wp When I log in with a jailkit user I can run php -v fine but wp --info can't find the phar file and returns: Code: Fatal error: Uncaught Error: Class "Phar" not found in /usr/local/bin/wp:3 Stack trace: #0 {main} thrown in /usr/local/bin/wp on line 3 I hope that makes some sense and you can point me in the right direction. Many thanks Chris
ISPConfig was installed with the "perfect" script so all recent versions of PHP are installed from 7.4 up to 8.3 along with that. The system default was switched to 8.2 when I updated to Debian 12. php -v reports the same in all ssh users: Code: PHP 8.2.15 (cli) (built: Jan 20 2024 14:14:18) (NTS) Copyright (c) The PHP Group Zend Engine v4.2.15, Copyright (c) Zend Technologies I am at the very beginning of this install and only have a test site configured right now. So if I need to remove and recreate that site or the ssh user I am not opposed to doing that. My goal here is to ensure the default tools are in place for when I create new ssh users and/or sites. wp-cli will be one of those tools.
It appears to be a problem with the PHAR extension not being loaded by default for the jailkit user? If I run: php -d extension=phar ./wp --info then I get the proper output: Code: php -d extension=phar ./wp --info OS: Linux 6.1.0-17-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 Shell: /bin/bash PHP binary: /usr/bin/php8.2 PHP version: 8.2.15 php.ini used: MySQL binary: /usr/bin/mysql MySQL version: mysql Ver 15.1 Distrib 10.11.4-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper SQL modes: WP-CLI root dir: phar://wp-cli.phar/vendor/wp-cli/wp-cli WP-CLI vendor dir: phar://wp-cli.phar/vendor WP_CLI phar path: /usr/local/bin WP-CLI packages dir: WP-CLI cache dir: /home/*sshuser*/.wp-cli/cache WP-CLI global config: WP-CLI project config: WP-CLI version: 2.9.0 php -i returns this: Code: phpinfo() PHP Version => 8.2.15 System => Linux s91370 6.1.0-17-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 Build Date => Jan 20 2024 14:14:18 Build System => Linux Server API => Command Line Interface Virtual Directory Support => disabled Configuration File (php.ini) Path => /etc/php/8.2/cli Loaded Configuration File => (none) Scan this dir for additional .ini files => /etc/php/8.2/cli/conf.d Additional .ini files parsed => (none) PHP API => 20220829 PHP Extension => 20220829 Zend Extension => 420220829 Zend Extension Build => API420220829,NTS PHP Extension Build => API20220829,NTS Debug Build => no Thread Safety => disabled Zend Signal Handling => enabled Zend Memory Manager => enabled Zend Multibyte Support => disabled Zend Max Execution Timers => disabled IPv6 Support => enabled DTrace Support => available, disabled Registered PHP Streams => https, ftps, compress.zlib, php, file, glob, data, http, ftp Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, tls, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3 Registered Stream Filters => zlib.*, string.rot13, string.toupper, string.tolower, convert.*, consumed, dechunk This program makes use of the Zend Scripting Language Engine: Zend Engine v4.2.15, Copyright (c) Zend Technologies _______________________________________________________________________ Configuration Core PHP Version => 8.2.15 Directive => Local Value => Master Value allow_url_fopen => On => On allow_url_include => Off => Off arg_separator.input => & => & arg_separator.output => & => & auto_append_file => no value => no value auto_globals_jit => On => On auto_prepend_file => no value => no value browscap => no value => no value default_charset => UTF-8 => UTF-8 default_mimetype => text/html => text/html disable_classes => no value => no value disable_functions => no value => no value display_errors => STDOUT => STDOUT display_startup_errors => On => On doc_root => no value => no value docref_ext => no value => no value docref_root => no value => no value enable_dl => On => On enable_post_data_reading => On => On error_append_string => no value => no value error_log => no value => no value error_log_mode => 0644 => 0644 error_prepend_string => no value => no value error_reporting => no value => no value expose_php => On => On extension_dir => /usr/lib/php/20220829 => /usr/lib/php/20220829 fiber.stack_size => no value => no value file_uploads => On => On hard_timeout => 2 => 2 highlight.comment => <font style="color: #FF8000">#FF8000</font> => <font style="color: #FF8000">#FF8000</font> highlight.default => <font style="color: #0000BB">#0000BB</font> => <font style="color: #0000BB">#0000BB</font> highlight.html => <font style="color: #000000">#000000</font> => <font style="color: #000000">#000000</font> highlight.keyword => <font style="color: #007700">#007700</font> => <font style="color: #007700">#007700</font> highlight.string => <font style="color: #DD0000">#DD0000</font> => <font style="color: #DD0000">#DD0000</font> html_errors => Off => Off ignore_repeated_errors => Off => Off ignore_repeated_source => Off => Off ignore_user_abort => Off => Off implicit_flush => On => On include_path => .:/usr/share/php => .:/usr/share/php input_encoding => no value => no value internal_encoding => no value => no value log_errors => Off => Off mail.add_x_header => Off => Off mail.force_extra_parameters => no value => no value mail.log => no value => no value mail.mixed_lf_and_crlf => Off => Off max_execution_time => 0 => 0 max_file_uploads => 20 => 20 max_input_nesting_level => 64 => 64 max_input_time => -1 => -1 max_input_vars => 1000 => 1000 max_multipart_body_parts => -1 => -1 memory_limit => 128M => 128M open_basedir => no value => no value output_buffering => 0 => 0 output_encoding => no value => no value output_handler => no value => no value post_max_size => 8M => 8M precision => 14 => 14 realpath_cache_size => 4096K => 4096K realpath_cache_ttl => 120 => 120 register_argc_argv => On => On report_memleaks => On => On report_zend_debug => Off => Off request_order => no value => no value sendmail_from => no value => no value sendmail_path => /usr/sbin/sendmail -t -i => /usr/sbin/sendmail -t -i serialize_precision => -1 => -1 short_open_tag => On => On SMTP => localhost => localhost smtp_port => 25 => 25 sys_temp_dir => no value => no value syslog.facility => LOG_USER => LOG_USER syslog.filter => no-ctrl => no-ctrl syslog.ident => php => php unserialize_callback_func => no value => no value upload_max_filesize => 2M => 2M upload_tmp_dir => no value => no value user_dir => no value => no value user_ini.cache_ttl => 300 => 300 user_ini.filename => .user.ini => .user.ini variables_order => EGPCS => EGPCS xmlrpc_error_number => 0 => 0 xmlrpc_errors => Off => Off zend.assertions => 1 => 1 zend.detect_unicode => On => On zend.enable_gc => On => On zend.exception_ignore_args => Off => Off zend.exception_string_param_max_len => 15 => 15 zend.multibyte => Off => Off zend.script_encoding => no value => no value zend.signal_check => Off => Off date date/time support => enabled timelib version => 2022.10 "Olson" Timezone Database Version => 0.system Timezone Database => internal Default timezone => UTC Directive => Local Value => Master Value date.default_latitude => 31.7667 => 31.7667 date.default_longitude => 35.2333 => 35.2333 date.sunrise_zenith => 90.833333 => 90.833333 date.sunset_zenith => 90.833333 => 90.833333 date.timezone => UTC => UTC filter Input Validation and Filtering => enabled Directive => Local Value => Master Value filter.default => unsafe_raw => unsafe_raw filter.default_flags => no value => no value hash hash support => enabled Hashing Engines => md2 md4 md5 sha1 sha224 sha256 sha384 sha512/224 sha512/256 sha512 sha3-224 sha3-256 sha3-384 sha3-512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost gost-crypto adler32 crc32 crc32b crc32c fnv132 fnv1a32 fnv164 fnv1a64 joaat murmur3a murmur3c murmur3f xxh32 xxh64 xxh3 xxh128 haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5 MHASH support => Enabled MHASH API Version => Emulated Support json json support => enabled libxml libXML support => active libXML Compiled Version => 2.9.14 libXML Loaded Version => 20914 libXML streams => enabled openssl OpenSSL support => enabled OpenSSL Library Version => OpenSSL 3.0.11 19 Sep 2023 OpenSSL Header Version => OpenSSL 3.0.11 19 Sep 2023 Openssl default config => /usr/lib/ssl/openssl.cnf Directive => Local Value => Master Value openssl.cafile => no value => no value openssl.capath => no value => no value pcntl pcntl support => enabled pcre PCRE (Perl Compatible Regular Expressions) Support => enabled PCRE Library Version => 10.42 2022-12-11 PCRE Unicode Version => 14.0.0 PCRE JIT Support => enabled PCRE JIT Target => x86 64bit (little endian + unaligned) Directive => Local Value => Master Value pcre.backtrack_limit => 1000000 => 1000000 pcre.jit => On => On pcre.recursion_limit => 100000 => 100000 random Version => 8.2.15 Reflection Reflection => enabled session Session Support => enabled Registered save handlers => files user Registered serializer handlers => php_serialize php php_binary Directive => Local Value => Master Value session.auto_start => Off => Off session.cache_expire => 180 => 180 session.cache_limiter => nocache => nocache session.cookie_domain => no value => no value session.cookie_httponly => Off => Off session.cookie_lifetime => 0 => 0 session.cookie_path => / => / session.cookie_samesite => no value => no value session.cookie_secure => Off => Off session.gc_divisor => 100 => 100 session.gc_maxlifetime => 1440 => 1440 session.gc_probability => 1 => 1 session.lazy_write => On => On session.name => PHPSESSID => PHPSESSID session.referer_check => no value => no value session.save_handler => files => files session.save_path => /var/lib/php/sessions => /var/lib/php/sessions session.serialize_handler => php => php session.sid_bits_per_character => 4 => 4 session.sid_length => 32 => 32 session.upload_progress.cleanup => On => On session.upload_progress.enabled => On => On session.upload_progress.freq => 1% => 1% session.upload_progress.min_freq => 1 => 1 session.upload_progress.name => PHP_SESSION_UPLOAD_PROGRESS => PHP_SESSION_UPLOAD_PROGRESS session.upload_progress.prefix => upload_progress_ => upload_progress_ session.use_cookies => On => On session.use_only_cookies => On => On session.use_strict_mode => Off => Off session.use_trans_sid => Off => Off sodium sodium support => enabled libsodium headers version => 1.0.18 libsodium library version => 1.0.18 SPL SPL support => enabled Interfaces => OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject Classes => AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException standard Dynamic Library Support => enabled Path to sendmail => /usr/sbin/sendmail -t -i Directive => Local Value => Master Value assert.active => On => On assert.bail => Off => Off assert.callback => no value => no value assert.exception => On => On assert.warning => On => On auto_detect_line_endings => Off => Off default_socket_timeout => 60 => 60 from => no value => no value session.trans_sid_hosts => no value => no value session.trans_sid_tags => a=href,area=href,frame=src,form= => a=href,area=href,frame=src,form= unserialize_max_depth => 4096 => 4096 url_rewriter.hosts => no value => no value url_rewriter.tags => form= => form= user_agent => no value => no value zlib ZLib Support => enabled Stream Wrapper => compress.zlib:// Stream Filter => zlib.inflate, zlib.deflate Compiled Version => 1.2.13 Linked Version => 1.2.13 Directive => Local Value => Master Value zlib.output_compression => Off => Off zlib.output_compression_level => -1 => -1 zlib.output_handler => no value => no value Additional Modules Module Name Environment Variable => Value SHELL => /bin/bash PWD => /usr/local/bin HOME => /home/*sshuser* USERNAME => *sshuser* LANG => en_US.UTF-8 TERM => xterm-256color USER => *sshuser* SHLVL => 1 PATH => /usr/local/bin:/usr/bin:/bin:/usr/games _ => /usr/bin/php OLDPWD => /usr/local PHP Variables Variable => Value $_SERVER['SHELL'] => /bin/bash $_SERVER['PWD'] => /usr/local/bin $_SERVER['HOME'] => /home/*sshuser* $_SERVER['USERNAME'] => *sshuser* $_SERVER['LANG'] => en_US.UTF-8 $_SERVER['TERM'] => xterm-256color $_SERVER['USER'] => wwd_chrisalewindward_chris $_SERVER['SHLVL'] => 1 $_SERVER['PATH'] => /usr/local/bin:/usr/bin:/bin:/usr/games $_SERVER['_'] => /usr/bin/php $_SERVER['OLDPWD'] => /usr/local $_SERVER['PHP_SELF'] => $_SERVER['SCRIPT_NAME'] => $_SERVER['SCRIPT_FILENAME'] => $_SERVER['PATH_TRANSLATED'] => $_SERVER['DOCUMENT_ROOT'] => $_SERVER['REQUEST_TIME_FLOAT'] => 1707412240.6979 $_SERVER['REQUEST_TIME'] => 1707412240 $_SERVER['argv'] => Array ( ) $_SERVER['argc'] => 0 $_ENV['SHELL'] => /bin/bash $_ENV['PWD'] => /usr/local/bin $_ENV['HOME'] => /home/*sshuser* $_ENV['USERNAME'] => *sshuser* $_ENV['LANG'] => en_US.UTF-8 $_ENV['TERM'] => xterm-256color $_ENV['USER'] => *sshuser* $_ENV['SHLVL'] => 1 $_ENV['PATH'] => /usr/local/bin:/usr/bin:/bin:/usr/games $_ENV['_'] => /usr/bin/php $_ENV['OLDPWD'] => /usr/local PHP License This program is free software; you can redistribute it and/or modify it under the terms of the PHP License as published by the PHP Group and included in the distribution in the file: LICENSE This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. If you did not receive a copy of the PHP license, or have any questions about PHP licensing, please contact [email protected].
I believe I found the problem in /etc/jailkit/jk_init.ini Code: # Debian 10 default php version is 7.3 (Debian 9 is 7.0) # Todo: set default version in ISPConfig installer, # but install the php cli version matching the website [php] comment = default php version and libraries paths = /usr/bin/php includesections = php_common, php8_2 The php8_2 was set to php7_3 (the default for Debian 10). I assume it was not updated with Debian 12, nor when I changed the default in the web interface (which it mentions in the comment directly above that line.) Changing it to the proper current default value has solved the issue.
Modifications to that file will be overwritten on ISPConfig update. It would be better to add the (relevant) PHP versions to the Jailkit sections under System > Server config > server1.example.com > Jailkit > Jailkit chroot app sections. Example of the content on one of my servers: Code: coreutils basicshell editors extendedshell netutils ssh sftp scp jk_lsh mysql-client git php php5_6 php7_0 php7_1 php7_2 php7_3 php7_4 php8_0 php8_1 php8_2 php8_3 wp composer imagemagick
Not sure if we would run into problems on systems where a PHP version is missing but is in the chroot app section.