Chrooted PHP

Discussion in 'Linux Support: RHEL, CentOS, SUSE etc' started by Tuboy, Aug 18, 2018.

  1. Tuboy

    Tuboy New Member

    Hello everybody!

    I am quite new to Open LiteSpeed and as such am a bit struggling. So far I made perfect chroot environment for SSH users on CentOS 7, I am on my way of automating vhost/listener creation, however, I am struggling with ExtApps and the way they properly function.

    What I have is a simple /home/user directory which is just a mount --bind of /var/jail/user/home directory.

    There is a /home/user/public_html/index.php file with the following code:

    <?php
    $output = shell_exec('ls -la / && pwd');
    echo "<pre>$output</pre>";
    echo get_current_user ();
    ?>​

    Basically the code should list the root directory, get the current working directory and user it's been running from. Fortunately, it's working fine, listing the server root directory, getting the correct current directory /home/user/public_html and displaying the correct user: user. The issue is it's displaying the server root directory and not the virtual host directory.

    I am a bit lost and am afraid I am unaware how to correct this one thus I would highly appreciate it if somebody would be able to help me. Basically, within the OLS panel, under Virtual Hosts -> my vhost -> Basic ->

    ExtApp Set UID Mode = DocRoot UID
    Restrained = Yes
    Enable Scripts/ExtApps = Yes

    Virtual Host Root = /home/user/​

    General -> Document Root = $VH_ROOT/public_html
    I am using the standard PHP_SuExec Template and default lsphp External App, which appears to be a VHost ExtApp. Hopefully I have included as much information as need, if anything else is needed please let me know. I will be happy provide with further information, all I want is when I run:

    shell_exec('ls /') to list: /home/user instead of just: /

    Thank you in advance!
     
  2. Pong

    Pong Administrator

    You will need to create an external app under virtual host for each virtual host, for example:

    To use PHP_SuEXEC with OLS , you will need to create lsphp_$vhostname(or any name different between each virtual host and server-server level external app configuration) external app and set it run as "user name" "user group".
     
  3. Tuboy

    Tuboy New Member

    Apologies for the delayed answer, I have been away from my computer.

    Yes, I have already created a custom external app for the vhost within the VHost settings themselves, and have put a suexec user and group, but that doesn't change anything, simply using the shell_exec("ls /"); command in a php file lists the server root and I cannot seem to change that, here are a few screenshots of the current configuration:

    VHost "builder" External App: screen1
    screen1.png
    External App Settings: screen2
    screen2.png
    Script Handler Settings in the VHost settings: screen3
    screen3.png

    Please let me know if I have done something incorrect. The command to the lsphp binary is a compiled PHP 7.1 binary from Remi's yum repo.
     
  4. Pong

    Pong Administrator

    1. You will need to verify through top or ps command to see if lsphps are running as user:group
    2. PHP SuEXEC doesn't equal to "CHROOT", is for shared hosting user to run PHP as "user:group", as long as "user:group" has access to it, but not limited PHP to any folder. You can try something open_basedir from php. More securely, If you want to limit a user to a real chroot cage, please consider CloudLinux system.
    https://docs.cloudlinux.com/index.html?cagefs.html
     

Share This Page