Posts by itcm

itcm · Jun 25th 2019

maybe you have any news or can you point me on some documentation?

Thank you again for your time

itcm · Jun 19th 2019

Quote from Nuxwin

Good morning,

First, don't worry, it practicable... T

TheCry If I remember well, you did such thing in the past with the InstantSSH plugin. Maybe you could help here.

Hi Nuxwin, thank you for your reply. The config is basic, I jsut added some sections and rebuilt the jail.

This is the content of config.php

Code

<?php
/**
* i-MSCP InstantSSH plugin
*
* @author Laurent Declercq <l.declercq@nuxwin.com>
* @copyright (C) 2014-2016 Laurent Declercq <l.declercq@nuxwin.com>
* @license i-MSCP License <http://www.i-mscp.net/license-agreement.html>
*/
$config = iMSCP_Registry::get('config');
return array(
// SSH daemon service name (default: ssh)
'ssh_service_name' => 'ssh',
// SSH daemon configuration file path (default: /etc/ssh/sshd_config)
'sshd_config_file_path' => '/etc/ssh/sshd_config',
// Base directory for SSH daemon authorized_keys files (default: /usr/local/etc/InstantSSH)
// WARNING: Don't change this parameter unless you know what you are doing.
'sshd_authorized_keys_base_dir' => '/etc/InstantSSH',
// SSH user name prefix (default: imscp_)
//
// This is a security measurement which prevents usage of system users.
// WARNING: You *must* never set this parameter to an empty value.
'ssh_user_name_prefix' => 'imscp_',
// Passwordless authentication (default: false)
//
// When set to TRUE, passwordless authentication is enforced, meaning that the customers cannot set password for
// their SSH users. This implies necessarily that the customers have to provide a SSH key. When set to FALSE, both
// authentication methods (password and key) are available. In such a case, customers can provide either a password,
// either a key, or both.
//
// Note: This applies only to newly created or updated SSH users
'passwordless_authentication' => true,
// Default SSH authentication options for new SSH keys
//
// See man sshd(8) for a list of allowed authentication options.
// e.g. command="dump /home",no-pty,no-port-forwarding
//
// WARNING: Any option defined here must be specified in the allowed_ssh_auth_options configuration option.
'default_ssh_auth_options' => 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc',
// SSH authentication options that customers can setup when they are allowed to override defaults.
//
// Supported options are:
//
// \InstantSSH\Validate\SshAuthOptions::ALL (all options)
// \InstantSSH\Validate\SshAuthOptions::CERT_AUTHORITY (cert-authority option)
// \InstantSSH\Validate\SshAuthOptions::COMMAND (command option)
// \InstantSSH\Validate\SshAuthOptions::ENVIRONMENT (environment option)
// \InstantSSH\Validate\SshAuthOptions::FROM (from option)
// \InstantSSH\Validate\SshAuthOptions::NO_AGENT_FORWARDING (no-agent-forwarding option)
// \InstantSSH\Validate\SshAuthOptions::NO_PORT_FORWARDING (no-port-forwarding option)
// \InstantSSH\Validate\SshAuthOptions::NO_PTY (no-pty option)
// \InstantSSH\Validate\SshAuthOptions::NO_USER_RC (no-user-rc option)
// \InstantSSH\Validate\SshAuthOptions::NO_X11_FORWARDING (no-x11-forwarding option)
// \InstantSSH\Validate\SshAuthOptions::PERMITOPEN (permitopen option)
// \InstantSSH\Validate\SshAuthOptions::PRINCIPALS (principals option)
// \InstantSSH\Validate\SshAuthOptions::TUNNEL (tunnel option)
'allowed_ssh_auth_options' => array(
\InstantSSH\Validate\SshAuthOptions::ALL
),
// Shell for SSH users (default: /bin/bash for full SSH and restricted SSH)
//
//
// See man shells(5) for further details.
'shells' => array(
// Shell for full SSH access
'full' => '/bin/bash',
// Shell for restricted SSH access
// If you change this value, don't forget to include the needed shell application section in the `app_sections'
// option below:
//
// /bin/ash requires the `ashshell' application section
// /bin/bash requires the `bashshell' application section
//
'jailed' => '/bin/bash'
),
// Root jail directory (default: /var/chroot/InstantSSH)
//
// Full path to the root jail directory. Be sure that the partition in which this directory is living has enough
// space to host the jails.
//
// WARNING: Don't change this parameter unless you know what you are doing.
'root_jail_dir' => '/var/chroot/InstantSSH',
// Makejail script path
'makejail_path' => __DIR__ . '/bin/makejail',
// Makejail configuration directory (default: <CONF_DIR>/InstantSSH)
'makejail_confdir_path' => $config['CONF_DIR'] . '/InstantSSH',
// pam_chroot configuration file path (default: /etc/security/chroot.conf)
'pam_chroot_conffile_path' => '/etc/security/chroot.conf',
// Jail builder (default: MakeJail)
//
// Available jail builders:
// MakeJail: Create jails using `makejail'. Only the filesystem is isolated using the chroot() system call.
// FireJail: Create jails using `makejail' and isolate them with `FireJail'. FireJail provides a full isolation
// through the Linux kernel, via Linux namespaces, seccomp-bpf and Linux capabilities features.
//
// Note that support for `FireJail' has been added lately and that it is still EXPERIMENTAL.
'jail_builder' => 'MakeJail',
// Shared jail (default: true)
//
// When set to true, only one jail is created for all customers. A shared jail doesn't means that the customers will
// be able to read, modify or delete files of other customers. This simply means that the jail will be shared
// between the customers. The primary purpose of a jailed environment is to protect the main system. Having a jail
// for each customer is interesting only when you want provide a different set of commands for each of them.
//
// Note: The creation of a jail per customer is currently useless because the per customer application feature is
// not implemented yet. This will be implemented in near future.
'shared_jail' => true,
// Preserved files (default: <USER_WEB_DIR>)
//
// On jail update, the plugin won't try to remove files or directories if their path begins with one of the strings
// in this list.
//
// This option can be also defined in the application sections (see below).
//
// WARNING: Do not remove the default entries if you don't know what you are doing.
'preserve_files' => array(
'/home',
$config['USER_WEB_DIR']
),
// Whether or not files from packages that are dependencies of packages listed in the 'packages' option of the
// application sections must be copied within the jails
'include_pkg_deps' => false,
// Application sections (default: bashshell, netutils, dnsutils, editors)
//
// This is the list of application sections which are used to create/update the jails (see below).
// Note that unknown application sections are simply ignored.
'app_sections' => array(
'bashshell',
'netutils',
'dnsutils',
'editors',
'php',
'git',
'composer'
),
// Application sections definitions
//
// Below, you can find the application sections for jailed shell environments. Those application sections are used
// to create and update the jails. They allow you to define which softwares, libraries... must be copied inside the
// jail.
//
// You can select as many application sections as you want by adding them into the `app_sections' configuration
// option above.
//
// It is not recommended to change an application section without understanding its meaning and how it is working.
// Once you know how the a application sections are defined, you can define your own.
//
// Application section options
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~
//
// The following options can be defined in application sections:
//
// paths: List of paths to copy inside the jails.
// discard_paths: List of paths which must be discarded in any case (not copied). This option has a higher precedence
// than the `paths' options.
// create_files: List of files to create inside jail where each key is a file path inside the jail, and the value,
// an associative array describing file properties:
// - user: File owner
// - group: File group
// - mode: File permissions
// create_dirs: List of directories to create inside jail where each key is a directory path inside the jail, and
// the value, an associative array describing directory properties:
// - user: Directory owner
// - group: Directory group
// - mode: Directory permissions
// create_symlinks: List of symlinks to create inside jail where keys are link paths and values are target paths.
// packages: List of Debian packages. Files from those packages will be copied inside jail.
// discard_packages: List of debian packages to discard. (Only relevant if the `include_pkg_deps' configuration
// option is set to true).
// sys_copy_file_to: List of files to copy outside the jail, each of them specified as a key/value pair, where the
// key is the source file path and the value, an associative array describing copy options:
// - destination: destination path
// - preserve: Boolean indicating whether or not user, group and mode must be copied
// jail_copy_file_to: List of files to copy inside the jail, each of them specified as a key/value pair, where the
// key is the source file path and the value, an associative array describing copy options:
// - destination: destination path
// - preserve: Boolean indicating whether or not user, group and mode must be copied
// include_app_sections: List of applications sections to be included (e.g. for dependencies)
// users: List of users to add inside the jail (e.g: in passwd/shadow files).
// groups: List of groups to add inside the jail (e.g: in group/gshadow files).
// preserve_files: List of files to preserve when the jails are updated.
// copy_devices: List of devices to copy inside the jail.
// create_devices: List of devices to create inside the jail, each of them specified as a key/value pair, where the
// key is the device path inside the jail and the value, an associative array describing the device
// properties (see mknod(1)):
// - type: device type (b for block special file, c for character special file, and p for FIFO.
// - mode: device permission bits (in octal)
// - major: Device major number (Required for b and c device type, ignored for p device type)
// - minor: Device minor number (Required for b and c device type, ignored for p device type)
// - owner: Optional Device owner (default: root)
// - group: Optional Device group (default: root)
// fstab: List of fstab entries to add where each value is an array describing an fstab entry (see man fstab).
// create_sys_commands: List of commands to execute outside the jail once built or updated.
// create_sys_commands_args: List of commands to execute outside the jail once built or updated. Any listed command
// will receive the full jail path as argument.
// destroy_sys_commands: List of command to execute outside jail before it get destroyed.
// destroy_sys_commands_args: List of command to execute outside jail before it get destroyed. Any listed command
// will receive the full jail path as argument.
// create_jail_commands: List of commands to execute inside jail once built or updated.
// destroy_jail_commands: List of commands to execute inside jail before it get destroyed.
//
// Notes:
// - Any copied device must exist on the system, else an error is raised (copy_devices option)
// - Any path which doesn't exists on the system is ignored (path option)
// - Any package listed in a package option that is not installed on the system is ignored
// - Command run inside jails must exist inside them
// - Directories specified in paths option are copied recursively
// - File systems specified in the fstab option are mounted automatically inside jail
// - fs_spec filed defined in the fstab option can use the {JAIL_ROOT_DIR} tag to mount fs from jail to jail
// - fs_spec field defined in the fstab option must exists, else an error is raised
// - Mount points defined in the fstab option must be specified without the jail root path
// - Mount points defined in the fstab option must exist
// - The paths and devices options, both support the glob patterns
// - The paths option support search path
// Base devices ( /dev/null, /dev/full, /dev/random, /dev/tty, /dev/urandom, /dev/zero )
'basedevices' => array(
'groups' => array(
'tty'
),
'/dev' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
),
'create_devices' => array(
'/dev/null' => array(
'type' => 'c',
'mode' => 0666,
'major' => 1,
'minor' => 3
),
'/dev/full' => array(
'type' => 'c',
'mode' => 0666,
'major' => 1,
'minor' => 7
),
'/dev/random' => array(
'type' => 'c',
'mode' => 0666,
'major' => 1,
'minor' => 8
),
'/dev/tty' => array(
'type' => 'c',
'mode' => 0666,
'major' => 5,
'minor' => 0,
'group' => 'tty'
),
'/dev/urandom' => array(
'type' => 'c',
'mode' => 0666,
'major' => 1,
'minor' => 9
),
'/dev/zero' => array(
'type' => 'c',
'mode' => 0666,
'major' => 1,
'minor' => 5
)
)
),
// Base utilities
'baseutils' => array(
'paths' => array(
'ls', 'cat', 'chmod', 'mkdir', 'cp', 'cpio', 'date', 'dd', 'echo', 'egrep', 'false', 'fgrep', 'grep',
'gunzip', 'gzip', 'ln', 'mktemp', 'more', 'mv', 'pwd', 'rm', 'rmdir', 'ps', 'sed', 'sleep', 'sync', 'tar',
'basename', 'touch', 'true', 'uncompress', 'zcat', '/etc/issue', 'awk', 'bzip2', 'bunzip2', 'ldd', 'less',
'clear', 'cut', 'du', 'find', 'head', 'md5sum', 'nice', 'sort', 'tac', 'tail', 'tr', 'wc', 'watch',
'whoami', 'id', 'hostname', 'lzma', 'xz', 'pbzip2', 'env', 'readlink', 'groups'
)
),
// locales
'locales' => array(
'paths' => array(
'/etc/locale.alias', '/etc/locale.gen', '/usr/lib/locale', '/usr/share/locale', '/usr/share/locale-langpack'
)
),
// Time zone and daylight-saving time data
'tzdata' => array(
'paths' => array(
'/etc/timezone', '/etc/localtime'
),
'packages' => array(
'tzdata'
)
),
// Timezone information and log sockets
'logbasics' => array(
'paths' => array(
'logger'
),
'create_dirs' => array(
'/dev' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
)
),
'create_sys_commands_args' => array(
'perl ' . __DIR__ . '/bin/syslogproxyd add'
),
'destroy_sys_commands_args' => array(
'perl ' . __DIR__ . '/bin/syslogproxyd remove'
),
'include_app_sections' => array(
'tzdata'
)
),
// Common files for jails that need internet connectivity
'netbasics' => array(
'paths' => array(
'/etc/hosts', '/etc/host.conf', '/etc/resolv.conf', '/etc/protocols', '/etc/services', '/etc/ssl/certs',
'/lib/libnss_dns.so.2', '/lib64/libnss_dns.so.2', '/lib/i386-linux-gnu/libnss_dns.so.2',
'/lib/x86_64-linux-gnu/libnss_dns.so.2',
)
),
// Common files for SSL support (Secure Socket Layer)
'sslbasics' => array(
'paths' => array(
'/lib/i386-linux-gnu/libcrypto.so.*', '/lib/i386-linux-gnu/libssl.so.*',
'/usr/lib/i386-linux-gnu/i586/libcrypto.so.*', '/usr/lib/i386-linux-gnu/i586/libssl.so.*',
'/usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.*', '/usr/lib/i386-linux-gnu/i686/cmov/libssl.so.*',
'/usr/lib/i386-linux-gnu/libcrypto.so.*', '/usr/lib/i386-linux-gnu/libssl.so.*',
'/usr/lib/i386-linux-gnu/openssl-*', '/lib/x86_64-linux-gnu/libcrypto.so.*',
'/lib/x86_64-linux-gnu/libssl.so.*', '/usr/lib/x86_64-linux-gnu/libcrypto.so.*',
'/usr/lib/x86_64-linux-gnu/libssl.so.*', '/usr/lib/x86_64-linux-gnu/openssl-*'
)
),
// Common files for jails that need user/group information
'uidbasics' => array(
'paths' => array(
'/etc/ld.so.conf', '/etc/ld.so.conf.d', '/etc/passwd', '/etc/group', '/etc/nsswitch.conf', '/lib/libnsl.so.1',
'/lib64/libnsl.so.1', '/lib/i386-linux-gnu/libnsl.so.1', '/lib/x86_64-linux-gnu/libnsl.so.1',
'/lib/libnss*.so.2', '/lib64/libnss*.so.2', '/lib/i386-linux-gnu/libnss*.so.2',
'/lib/x86_64-linux-gnu/libnss*.so.2'
)
),
// Common options for shell application sections
'baseshell' => array(
'users' => array(
$config['ROOT_USER'], 'www-data', 'syslog'
),
'groups' => array(
'adm', $config['ROOT_GROUP'], 'syslog', 'www-data'
),
'paths' => array(
'dircolors', 'tput', '/usr/lib/locale/C.UTF-8'
),
'discard_paths' => array(
'/usr/share/doc', '/usr/share/info', '/usr/share/man', '/etc/fstab', '/etc/mtab', '/proc', '/bin/sh'
),
'create_dirs' => array(
'/dev/pts' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
),
'/dev/shm' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 01777
),
'/home' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
),
'/proc' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
),
'/tmp' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 01777
),
'/var/log' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
),
'/var/tmp' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 01777
),
'/run' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
),
'/run/lock' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 01777
),
'/sys' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
)
),
'create_files' => array(
'/var/log/lastlog' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0644
)
),
'include_app_sections' => array(
'basedevices', 'uidbasics', 'logbasics', 'terminfo', 'locales'
),
'jail_copy_file_to' => array(
__DIR__ . '/config/etc/profile' => array(
'destination' => '/etc/profile',
'preserve' => false
)
),
'create_symlinks' => array(
'/dev/ptmx' => '/dev/pts/ptmx',
'/var/run' => '/run',
'/var/lock' => '/run/lock'
),
'fstab' => array(
array(
'fs_spec' => 'devpts',
'fs_file' => '/dev/pts',
'fs_vfstype' => 'devpts',
'fs_mntops' => 'newinstance,gid=5,mode=620,ptmxmode=0666'
),
array(
'fs_spec' => 'tmpfs',
'fs_file' => '/dev/shm',
'fs_vfstype' => 'tmpfs',
'fs_mntops' => 'nodev,nosuid,strictatime,mode=1777,gid=0'
),
array(
'fs_spec' => 'proc',
'fs_file' => '/proc',
'fs_vfstype' => 'proc',
'fs_mntops' => 'rw,nosuid,nodev,noexec'
),
array(
'fs_spec' => '{JAIL_ROOT_DIR}/proc/sys',
'fs_file' => '/proc/sys',
'fs_vfstype' => 'none',
'fs_mntops' => 'rbind,ro,nodev,noexec,nosuid'
),
array(
'fs_spec' => 'sysfs',
'fs_file' => '/sys',
'fs_vfstype' => 'sysfs',
'fs_mntops' => 'ro,nodev,noexec,nosuid'
),
array(
'fs_spec' => '/var/log/lastlog',
'fs_file' => '/var/log/lastlog',
'fs_vfstype' => 'none',
'fs_mntops' => 'bind,slave,ro'
)
),
'create_sys_commands_args' => array(
'perl ' . __DIR__ . '/bin/dovecot_ignore_mount /var/log/lastlog',
'perl ' . __DIR__ . '/bin/dovecot_ignore_mount ' . $config['USER_WEB_DIR'] . '/*'
),
'destroy_sys_commands_args' => array(
'perl ' . __DIR__ . '/bin/dovecot_rm_mount /var/log/lastlog',
'perl ' . __DIR__ . '/bin/dovecot_rm_mount ' . $config['USER_WEB_DIR'] . '/*'
)
),
// ASH shell (BusyBox built-in Almquist shell)
'ashshell' => array(
'paths' => array(
'busybox'
),
'include_app_sections' => array(
'baseshell'
),
'create_symlinks' => array(
'/bin/ash' => '/bin/busybox',
'/bin/sh' => '/bin/busybox'
)
),
// GNU Bourne-Again SHell with restricted set of commands provided by BusyBox multi-call binary
'bashshellbusybox' => array(
'paths' => array(
'bash', '/etc/bash.bashrc', 'busybox',
'wget' # We add system GNU Wget because Wget from busybox doesn't support SSL
),
'include_app_sections' => array(
'baseshell', 'netbasics'
),
'create_sys_commands_args' => array(
'perl ' . __DIR__ . '/bin/busybox_install_symlinks'
),
'create_symlinks' => array(
'/bin/sh' => '/bin/bash'
)
),
// GNU Bourne-Again SHell
'bashshell' => array(
'paths' => array(
'bash', '/etc/bash.bashrc'
),
'include_app_sections' => array(
'baseshell', 'baseutils'
),
'create_symlinks' => array(
'/bin/sh' => '/bin/bash'
)
),
// Provides curl, wget, lynx, ftp, ssh, sftp, scp and rsync
'netutils' => array(
'paths' => array(
'curl', 'ftp', 'lynx', 'wget', '/etc/lynx-cur'
),
'include_app_sections' => array(
'basedevices', 'netbasics', 'scp', 'sftp', 'ssh', 'rsync'
)
),
// Client programs related to DNS (dig, nslookup)
'dnsutils' => array(
'paths' => array(
'dig', 'host', 'nslookup'
),
'include_app_sections' => array(
'netutils', 'sslbasics'
)
),
// OpenSSL
'openssl' => array(
'paths' => array(
'openssl', '/usr/lib/ssl', '/etc/ssl', '/etc/ca-certificates'
),
'include_app_sections' => array(
'sslbasics'
)
),
// Htpasswd utility
'apacheutils' => array(
'paths' => array(
'htpasswd', 'htdigest'
)
),
// SSH secure copy
'scp' => array(
'paths' => array(
'scp'
),
'include_app_sections' => array(
'basedevices', 'netbasics'
),
),
// SSH secure ftp
'sftp' => array(
'paths' => array(
'sftp', '/usr/lib/sftp-server', '/usr/lib/openssh/sftp-server'
),
'include_app_sections' => array(
'basedevices', 'netbasics'
)
),
// SSH secure shell
'ssh' => array(
'paths' => array(
'ssh', '/etc/ssh/ssh_config', '/etc/ssh/ssh_host_*'
),
'include_app_sections' => array(
'basedevices', 'netbasics'
)
),
// Rsync
'rsync' => array(
'paths' => array(
'rsync'
),
'include_app_sections' => array(
'uidbasics', 'netbasics'
)
),
// MySQL command-line tools (mysql, mysqldump)
'mysqltools' => array(
'groups' => array(
'mysql'
),
'paths' => array(
'mysql', 'mysqldump', '/lib/libgcc_s.so.1', '/lib/i386-linux-gnu/libgcc_s.so.1', '/lib64/libgcc_s.so.1',
'/lib/x86_64-linux-gnu/libgcc_s.so.1'
),
'create_dirs' => array(
'/etc/mysql' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
)
),
'jail_copy_file_to' => array(
__DIR__ . '/config/etc/mysql/my.cnf' => array(
'destination' => '/etc/mysql/my.cnf',
'preserve' => false
)
)
),
// Common editors
'editors' => array(
'paths' => array(
'joe', 'nano', 'vi', 'vim', '/etc/vim', '/etc/vimrc', '/etc/joe', '/usr/share/vim', '/etc/nanorc',
'/usr/share/nano'
),
'include_app_sections' => array(
'terminfo'
),
'create_symlinks' => array(
'/usr/bin/editor' => '/bin/nano'
)
),
// Midnight Commander
'midnightcommander' => array(
'paths' => array(
'mc', 'mcedit', 'mcview', '/usr/share/mc', '/etc/mc', '/usr/lib/mc'
),
'include_app_sections' => array(
'terminfo'
)
),
// Terminfo databases
'terminfo' => array(
'paths' => array(
'/etc/terminfo', '/lib/terminfo', '/usr/share/terminfo'
)
),
// Git (Fast Version Control System)
'git' => array(
'paths' => array(
'basename', 'uname', '/usr/bin/git*', '/usr/lib/git-core', '/usr/share/git-core'
),
'include_app_sections' => array(
'editors', 'netbasics', 'perl'
)
),
// Perl 5 interpreter and libraries
'perl' => array(
'paths' => array(
'perl', '/etc/perl', '/usr/lib/perl', '/usr/lib/perl5', '/usr/lib/i386-linux-gnu/perl5',
'/usr/lib/i386-linux-gnu/perl', '/usr/lib/i386-linux-gnu/perl-base', '/usr/lib/x86_64-linux-gnu/perl5',
'/usr/lib/x86_64-linux-gnu/perl', '/usr/lib/x86_64-linux-gnu/perl-base',
'/usr/local/lib/x86_64-linux-gnu/perl', '/usr/local/share/perl', '/usr/local/lib/site_perl',
'/usr/share/perl', '/usr/share/perl5'
)
),
// PHP (CLI) and extensions
'php' => array(
'paths' => array(
'php',
'/etc/php*/cli', '/etc/php/*/cli',
'/usr/lib/php*', '/var/lib/php*',
),
'discard_paths' => array(
'/etc/php*/cli/conf.d/suhosin.ini', '/etc/php/*/cli/conf.d/suhosin.ini'
),
'include_app_sections' => array(
'netutils', 'tzdata'
)
),
// Composer (see https://getcomposer.org)
'composer' => array(
'create_dirs' => array(
'/root' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
),
'/usr/local/bin' => array(
'user' => $config['ROOT_USER'],
'group' => $config['ROOT_GROUP'],
'mode' => 0755
)
),
'include_app_sections' => array(
'git', 'php'
),
'create_symlinks' => array(
'/usr/local/bin/composer' => '/usr/local/bin/composer.phar'
),
'create_jail_commands' => array(
'curl -sS https://getcomposer.org/installer | php -d date.timezone=UTC -d allow_url_fopen=1 ' .
'-- --install-dir=/usr/local/bin'
)
)
);

Display More

as you can see, nothing particularly different from the original.

itcm · Jun 19th 2019

Hello,

thank you for your beautiful product!

I've tried to find information on the forum but I wasn't lucky, in fact what I want to achieve is to give a customers ssh access inside a chroot (and that's very easy with instantssh), with permission to run php (and that's fine adding php section to config.php) but he also need to run php version compiled inside phpswitcher (/opt/phpswitcher/xxxx/phpx.x/bin/php )

How can I do to make these binary available inside the jail. I've tried to copy "php" section but I didn't understand when and where /usr/bin/php is copied so I'm blocked

Thank you in advance for your help!

itcm · Oct 2nd 2017

Hello,
I've successfully upgraded imscp to 1.5.1, but now I've an issue on phmyadmin.... This is a bug in version 4.7.0 and fixed in 4.7.1 as referenced in: https://github.com/phpmyadmin/…1320e1c66c5f1c2fef00fd3c7
Is it possible to upgrade only the pma tools to a newer version?

Thank you very much

itcm · Aug 18th 2017

Thank you, I'll check again and I'll let you know

itcm · Aug 18th 2017

Quote from Nuxwin

@itcm

The error that you reported is due to the 10_backup_storage_outsourcing.pl which I've disabled on your system.

However there are still many problems on your server:

You're mixing packages from Debian Jessie and Debian Stretch

You've added percona DB repository manually

Your Apache2 installation is totally broken due to mixing packages...

Your server lacks of memory

Thus, this is out of the free support that we provide. You play too much with your server.

Note that you'll not receive further support from us as long as you'll mix packages from different distributions.

Thank you for your understanding.

Display More

Hi Nuxwin, and thank you for your check.
I'll reply one by one:
- I've installed only apache2 from debian stretch because of http2 support, we already discuss about this on another old thread: mod_proxy_fcgi - 1.3.7 - apache 2 stretch
- percona db repository is needed for xtrabackuptools, nothing else
- I trust you
- Yes, it's a testing machine.

Just one thing, how did you reach that problem was made by that listener? I'm not able to find any more information on logs or something like that. Can you explain this to me?
After that I'll try by myself, my problem is to know where the autoinstall hangs up, and who make it hang. Like in this case.

Thank you very much

itcm · Aug 17th 2017

Hi, I opened another thread because previous one is closed.
https://i-mscp.net/index.php/T…7/?postID=55539#post55539
I've correctly upgrade systemd to jessie-backports version, thank you Nuxwin .

But now, it stopped upgrade giving me the same error as before
I've checked if file engine/PerlLib/iMSCP/EventManager.pm is patched and it is.

That's extract from log:

Code

[Wed Aug 16 14:31:44 2017] [debug] iMSCP::DbTasksProcessor::processDbTasks: Processing Modules::User tasks for: altrodominio.tld.com (ID 124)
[Wed Aug 16 14:31:50 2017] [debug] iMSCP::DbTasksProcessor::processDbTasks: Processing Modules::Domain tasks...
[Wed Aug 16 14:31:51 2017] [debug] iMSCP::DbTasksProcessor::processDbTasks: Processing Modules::Domain tasks for: primodominio.tld (ID 5)
[Wed Aug 16 14:42:46 2017] [error] main::setupDbTasks: Unknown error at /usr/local/src/imscp-1.4.7/engine/PerlLib/iMSCP/DbTasksProcessor.pm line 481.
...propagated at /usr/local/src/imscp-1.4.7/engine/PerlLib/iMSCP/DbTasksProcessor.pm line 487.
[Wed Aug 16 14:42:49 2017] [debug] iMSCP::Execute::execute: /usr/bin/dialog --backtitle 'i-MSCP - internet Multi Server Control Panel (1.4.7)' --colors --no-shadow --title 'i-MSCP Installer Dialog' --insecure --cancel-label Back --ok-label Ok --help-label Help --yes-label Yes --exit-label Abort --no-label No --msgbox '\Z1[ERROR]\Zn
Error while performing step:
Processing DB tasks
Error was:
\Z1main::setupDbTasks: Unknown error at /usr/local/src/imscp-1.4.7/engine/PerlLib/iMSCP/DbTasksProcessor.pm line 481.
...propagated at /usr/local/src/imscp-1.4.7/engine/PerlLib/iMSCP/DbTasksProcessor.pm line 487.\Zn
Please have a look at http://i-mscp.net/forum if you need help.
' 36 142
[Wed Aug 16 14:42:53 2017] [debug] iMSCP::Execute::execute: /usr/bin/dialog --backtitle 'i-MSCP - internet Multi Server Control Panel (1.4.7)' --colors --no-shadow --title 'i-MSCP Installer Dialog' --insecure --cancel-label Back --ok-label Ok --help-label Help --yes-label Yes --exit-label Abort --no-label No --msgbox '\Z1[ERROR]\Zn
Error while performing step:
Processing setup tasks
Error was:
\Z1main::setupDbTasks: Unknown error at /usr/local/src/imscp-1.4.7/engine/PerlLib/iMSCP/DbTasksProcessor.pm line 481.
...propagated at /usr/local/src/imscp-1.4.7/engine/PerlLib/iMSCP/DbTasksProcessor.pm line 487.\Zn
Please have a look at http://i-mscp.net/forum if you need help.
' 36 142
[Wed Aug 16 14:43:26 2017] [error] autoinstaller::Functions::install: An error occurred while performing installation steps
[Wed Aug 16 14:43:27 2017] [debug] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/imscp-backup-imscp.lock
[Wed Aug 16 14:43:27 2017] [debug] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/awstats_updateall.pl.lock
[Wed Aug 16 14:43:27 2017] [debug] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/imscp-srv-traff.lock
[Wed Aug 16 14:43:27 2017] [debug] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/imscp-backup-all.lock
[Wed Aug 16 14:43:27 2017] [debug] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/imscp-vrl-traff.lock
[Wed Aug 16 14:43:27 2017] [debug] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/imscp-disable-accounts.lock
[Wed Aug 16 14:43:27 2017] [debug] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/imscp-dsk-quota.lock
[Wed Aug 16 14:43:27 2017] [debug] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/imscp.lock

Display More

In any case I must upgrade phpswitcher? Is it possible to upgrade it without web interface?
Thank you very much

itcm · Aug 4th 2017

Thank you Nuxwin. I've patched it and it run more than before.
Now it stopped telling me that:

Code

[ERROR] iMSCP::Stepper::_callback: Couldn't enable the `imscp_daemon' service: iMSCP::Provider::Service::Sysvinit::_exec: Synchronizing state for imscp_daemon.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d imscp_daemon defaults
Executing /usr/sbin/update-rc.d imscp_daemon enable
Failed to execute operation: Connection timed out at /usr/local/src/imscp-1.4.7/engine/PerlLib/iMSCP/Service.pm line 83.
[ERROR] autoinstaller::Functions::install: An error occurred while performing installation steps

Do you have any other suggestion?
I didn't find anything else in logs.

Thank you

itcm · Aug 3rd 2017

sorry @Nuxwin, i was in a hurry, but you are right. I've edited it. Thanks in advance

itcm · Aug 3rd 2017

Hello,
as i wrote in subject I'm trying to upgrade my imscp 1.3.5 installed on Debian jessie.
First of all I've done these:

Shell-Script

apt-get update, upgrade, dist-upgradecd /usr/local/srcwget https://github.com/i-MSCP/imscp/archive/1.4.7.tar.gztar xvf 1.4.7.tar.gzcd imscp-1.4.7perl contrib/scripts/fix_duplicate_mounts.plpkill -KILL -f vloggerservice cron stopservice imscp_daemon stoppkill -TERM -f imscp

i've updated listeners with new ones

and then:

Shell-Script

perl imscp-autoinstall -d

all run smoothly, but at some point it stopped with this:

Code

Error while performing step:Processing Modules::Domain tasks for: mydomain.tld (ID 5)Error was:\Z1An unexpected error occurred...\ZnPlease have a look at http://i-mscp.net/forum if you need help.

and after pressing ok:

Code

[ERROR] main::setupDbTasks: Unknown error at /usr/local/src/imscp-1.4.7/engine/PerlLib/iMSCP/DbTasksProcessor.pm line 481.
...propagated at /usr/local/src/imscp-1.4.7/engine/PerlLib/iMSCP/DbTasksProcessor.pm line 487.
[ERROR] autoinstaller::Functions::install: An error occurred while performing installation steps

Do you have any suggestion?

thank you very much

Posts by itcm

InstanSSH - Jail with PhpSwitcher

InstanSSH - Jail with PhpSwitcher

InstanSSH - Jail with PhpSwitcher

phpmyadmin upgrade

Unexpected error upgrading from 1.3.5 to .1.4.7 - Again

Unexpected error upgrading from 1.3.5 to .1.4.7 - Again

Unexpected error upgrading from 1.3.5 to .1.4.7 - Again

Unexpected error upgrading from 1.3.5 to .1.4.7

Unexpected error upgrading from 1.3.5 to .1.4.7

Unexpected error upgrading from 1.3.5 to .1.4.7