On Your plesk server you may find that enabling a shell other than the chrooted shell is not viable for security and privacy, for example on a shared server. when doing so you may find that some applications are not available, as this is not intended to provide access to all programs and features you would notmally have with direct shell access and in most cases you would not want to provide full functionality, if this is required then the user would idealy need their own server/vps where they are the sole user and have full access to make changes as they require where as on a shared system providing full access is not advised and not suitable in most instances.
You can add more programs to the chroot with the below script which you can obtain from here or directly from the Plesk site, see referance at bottom of page. To added the script and start adding aplications to the chroot follow the below.
Connect to the server via SSH as an administrator (root).
Download and extract the script.
wget https://support.plesk.com/hc/en-us/article_attachments/360010348440/update_chroot.tar.gz
tar xf update_chroot.tar.gz
Run the script with the --add
flag and the executable path or name:
./update_chroot.sh --add dash
Note: Not all software can operate in chroot environments. You should check the software documentation to ensure the program can be added to a chroot environment.
Update changes to the template for subscriptions that use chroot:
./update_chroot.sh --apply all
Note: For CloudLinux's CageFS it might be required to add program to CageFS instead through cagefsctl --addrpm package_name: CageFS Command-line Tools
Script:
Add Plesk PHP to the template:
Some programs require not only libraries with which the main binary is linked, but also configuration files and plugins. An example of such a program is PHP.
Note: Adding PHP to the chrooted environment will not benefit the security of PHP scripts on the website (as PHP scripts are executed in a non-chrooted context by web-server or by FPM process pool).
Add the PHP binary:
./update_chroot.sh --add /opt/plesk/php/7.4/bin/php
Note: In order to use a different PHP version change 7.4 to the desired version, for example, 7.3 for Plesk PHP 7.3.
Add timezone definitions:
mkdir -p /var/www/vhosts/chroot/usr/share
cp -a /usr/share/zoneinfo /var/www/vhosts/chroot/usr/share/zoneinfo
Warning: Without them, PHP will produce the error whenever date/time functions are used: glibc detected php: free(): invalid pointer: 0x00007f11249fccd8 ***
Add PHP extensions. They are not added on the first step because PHP binary does not depend on them.
for i in /opt/plesk/php/7.4/lib64/php/modules/*.so; do ./update_chroot.sh --add $i; done
Copy PHP configuration:
cp -a /opt/plesk/php/7.4/etc /var/www/vhosts/chroot/opt/plesk/php/7.4/
Set up default timezone:
sed -i.bkp 's/;date.timezone =/date.timezone = Europe\/London/' /var/www/vhosts/chroot/opt/plesk/php/7.4/etc/php.ini
Note: By default the date.timezone variable is not set, which can result in some PHP scripts failing to parse the output of date("r") call, because it will return warning before returning date.
Apply changes to either of the selected domains (provided in the form of a space-separated list) or to all domains at once:
./update_chroot.sh --apply all
Note: Changes will not be applied if the SSH Access to the server is not configured as "/bin/bash (chrooted)".
Note: Use the full path to executable as user, e.g.:
/opt/plesk/php/7.4/bin/php
Add PHP Composer with the data files to the template
./update_chroot.sh --add composer
mkdir -p /var/www/vhosts/chroot/usr/lib64/plesk-9.0/
cp -a /usr/lib64/plesk-9.0/composer.phar /var/www/vhosts/chroot/usr/lib64/plesk-9.0/
Add programs required for the Composer functioning to the template:
./update_chroot.sh --add env
Apply template changes to all domains:
./update_chroot.sh --apply all