From 1fd5805652991f2dc4195892896677c175b387b9 Mon Sep 17 00:00:00 2001 From: Michael Seevogel <git@michaelseevogel.de> Date: Wed, 26 Feb 2025 14:16:47 +0100 Subject: [PATCH] Updated PHP Shell/Jailkit code --- install/tpl/jk_init_el.ini.master | 28 +++---- server/conf/bashrc_user_deb.master | 2 - server/conf/bashrc_user_generic.master | 2 +- server/conf/bashrc_user_redhat.master | 4 +- .../cron.d/600-jailkit_maintenance.inc.php | 9 ++- server/lib/classes/system.inc.php | 81 ++++++++++++------- .../cron_jailkit_plugin.inc.php | 16 ++-- .../shelluser_base_plugin.inc.php | 45 +++++++++-- .../shelluser_jailkit_plugin.inc.php | 78 +++++++++--------- 9 files changed, 157 insertions(+), 108 deletions(-) diff --git a/install/tpl/jk_init_el.ini.master b/install/tpl/jk_init_el.ini.master index 2f4ae5afe2..d56247f7b6 100644 --- a/install/tpl/jk_init_el.ini.master +++ b/install/tpl/jk_init_el.ini.master @@ -1,7 +1,7 @@ # jk_init.ini: jailkit initialization config # Includes paths to handle Enterprise Linux systems like RHEL and its derivatives AlmaLinux, Rocky Linux et cetera -# if other paths are needed please create an issue with the details or a merge request at: +# if other paths are needed please create an issue with the details or even a merge request at: # https://git.ispconfig.org/ispconfig/ispconfig3 [uidbasics] 
@@ -202,67 +202,67 @@ includesections = env, logbasics, netbasics, mysqlutils, webutils, imagemagick [php5_4] comment = PHP 5.4 -paths = /opt/remi/php54/root/bin/php, /opt/remi/php54/root/bin/phar, /opt/remi/php54/root/usr/lib64/, /opt/remi/php54/root/usr/share/ +paths = /opt/remi/php54/root/bin/php, /usr/bin/php54, /opt/remi/php54/root/bin/phar, /opt/remi/php54/root/usr/lib64/, /opt/remi/php54/root/usr/share/ includesections = php_common [php5_5] comment = PHP 5.5 -paths = /opt/remi/php55/root/bin/php, /opt/remi/php55/root/bin/phar, /opt/remi/php55/root/usr/lib64/, /opt/remi/php55/root/usr/share/ +paths = /opt/remi/php55/root/bin/php, /usr/bin/php55, /opt/remi/php55/root/bin/phar, /opt/remi/php55/root/usr/lib64/, /opt/remi/php55/root/usr/share/ includesections = php_common [php5_6] comment = PHP 5.6 -paths = /opt/remi/php56/root/bin/php, /opt/remi/php56/root/bin/phar, /opt/remi/php56/root/usr/lib64/, /opt/remi/php56/root/usr/share/ +paths = /opt/remi/php56/root/bin/php, /usr/bin/php56, /opt/remi/php56/root/bin/phar, /opt/remi/php56/root/usr/lib64/, /opt/remi/php56/root/usr/share/ includesections = php_common [php7_0] comment = PHP 7.0 -paths = /opt/remi/php70/root/bin/php, /opt/remi/php70/root/bin/phar, /opt/remi/php70/root/usr/lib64/, /opt/remi/php70/root/usr/share/ +paths = /opt/remi/php70/root/bin/php, /usr/bin/php70, /opt/remi/php70/root/bin/phar, /opt/remi/php70/root/usr/lib64/, /opt/remi/php70/root/usr/share/ includesections = php_common [php7_1] comment = PHP 7.1 -paths = /opt/remi/php71/root/bin/php, /opt/remi/php71/root/bin/phar, /opt/remi/php71/root/usr/lib64/, /opt/remi/php71/root/usr/share/ +paths = /opt/remi/php71/root/bin/php, /usr/bin/php71, /opt/remi/php71/root/bin/phar, /opt/remi/php71/root/usr/lib64/, /opt/remi/php71/root/usr/share/ includesections = php_common [php7_2] comment = PHP 7.2 -paths = /opt/remi/php72/root/bin/php, /opt/remi/php72/root/bin/phar, /opt/remi/php72/root/usr/lib64/, /opt/remi/php72/root/usr/share/ +paths = 
/opt/remi/php72/root/bin/php, /usr/bin/php72, /opt/remi/php72/root/bin/phar, /opt/remi/php72/root/usr/lib64/, /opt/remi/php72/root/usr/share/ includesections = php_common [php7_3] comment = PHP 7.3 -paths = /opt/remi/php73/root/bin/php, /opt/remi/php73/root/bin/phar, /opt/remi/php73/root/usr/lib64/, /opt/remi/php73/root/usr/share/ +paths = /opt/remi/php73/root/bin/php, /usr/bin/php73, /opt/remi/php73/root/bin/phar, /opt/remi/php73/root/usr/lib64/, /opt/remi/php73/root/usr/share/ includesections = php_common [php7_4] comment = PHP 7.4 -paths = /opt/remi/php74/root/bin/php, /opt/remi/php74/root/bin/phar, /opt/remi/php74/root/usr/lib64/, /opt/remi/php74/root/usr/share/ +paths = /opt/remi/php74/root/bin/php, /usr/bin/php74, /opt/remi/php74/root/bin/phar, /opt/remi/php74/root/usr/lib64/, /opt/remi/php74/root/usr/share/ includesections = php_common [php8_0] comment = PHP 8.0 -paths = /opt/remi/php80/root/bin/php, /opt/remi/php80/root/bin/phar, /opt/remi/php80/root/usr/lib64/, /opt/remi/php80/root/usr/share/ +paths = /opt/remi/php80/root/bin/php, /usr/bin/php80, /opt/remi/php80/root/bin/phar, /opt/remi/php80/root/usr/lib64/, /opt/remi/php80/root/usr/share/ includesections = php_common [php8_1] comment = PHP 8.1 -paths = /opt/remi/php81/root/bin/php, /opt/remi/php81/root/bin/phar, /opt/remi/php81/root/usr/lib64/, /opt/remi/php81/root/usr/share/ +paths = /opt/remi/php81/root/bin/php, /usr/bin/php81, /opt/remi/php81/root/bin/phar, /opt/remi/php81/root/usr/lib64/, /opt/remi/php81/root/usr/share/ includesections = php_common [php8_2] comment = PHP 8.2 -paths = /opt/remi/php82/root/bin/php, /opt/remi/php82/root/bin/phar, /opt/remi/php82/root/usr/lib64/, /opt/remi/php82/root/usr/share/ +paths = /opt/remi/php82/root/bin/php, /usr/bin/php82, /opt/remi/php82/root/bin/phar, /opt/remi/php82/root/usr/lib64/, /opt/remi/php82/root/usr/share/ includesections = php_common [php8_3] comment = PHP 8.3 -paths = /opt/remi/php83/root/bin/php, /opt/remi/php83/root/bin/phar, 
/opt/remi/php83/root/usr/lib64/, /opt/remi/php83/root/usr/share/ +paths = /opt/remi/php83/root/bin/php, /usr/bin/php83, /opt/remi/php83/root/bin/phar, /opt/remi/php83/root/usr/lib64/, /opt/remi/php83/root/usr/share/ includesections = php_common [php8_4] comment = PHP 8.4 -paths = /opt/remi/php84/root/bin/php, /opt/remi/php84/root/bin/phar, /opt/remi/php84/root/usr/lib64/, /opt/remi/php84/root/usr/share/ +paths = /opt/remi/php84/root/bin/php, /usr/bin/php84, /opt/remi/php84/root/bin/phar, /opt/remi/php84/root/usr/lib64/, /opt/remi/php84/root/usr/share/ includesections = php_common [imagemagick] diff --git a/server/conf/bashrc_user_deb.master b/server/conf/bashrc_user_deb.master index 2e49857c9f..a690d612ae 100644 --- a/server/conf/bashrc_user_deb.master +++ b/server/conf/bashrc_user_deb.master @@ -92,12 +92,10 @@ fi #alias la='ls -A' #alias l='ls -CF' -<tmpl_if name='jailkit_chroot' op='==' value='n'> <tmpl_if name='use_php_path'> # Overwrite the PHP cli binaries by using $PATH: export PATH=<tmpl_var name='php_bin_dir'>:$PATH </tmpl_if> -</tmpl_if> # Alias definitions. # You may want to put all your additions into a separate file like diff --git a/server/conf/bashrc_user_generic.master b/server/conf/bashrc_user_generic.master index 17b7347efc..61239b1375 100644 --- a/server/conf/bashrc_user_generic.master +++ b/server/conf/bashrc_user_generic.master @@ -23,8 +23,8 @@ if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]] then PATH="$HOME/.local/bin:$HOME/bin:$PATH" fi -export PATH +export PATH # Source custom bashrc files if [ -d ~/.bashrc.d ] diff --git a/server/conf/bashrc_user_redhat.master b/server/conf/bashrc_user_redhat.master index c3d24e306e..5f5b6ff608 100644 --- a/server/conf/bashrc_user_redhat.master +++ b/server/conf/bashrc_user_redhat.master 
@@ -34,10 +34,8 @@ if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]] then PATH="$HOME/.local/bin:$HOME/bin:$PATH" fi -export PATH -# Uncomment the following line if you don't like systemctl's auto-paging feature: -# export SYSTEMD_PAGER= +export PATH # Source custom bashrc files if [ -d ~/.bashrc.d ] diff --git a/server/lib/classes/cron.d/600-jailkit_maintenance.inc.php b/server/lib/classes/cron.d/600-jailkit_maintenance.inc.php index bf838caaed..e382cf04f2 100644 --- a/server/lib/classes/cron.d/600-jailkit_maintenance.inc.php +++ b/server/lib/classes/cron.d/600-jailkit_maintenance.inc.php @@ -88,10 +88,15 @@ class cronjob_jailkit_maintenance extends cronjob { } $shelluser_list = $app->db->queryAllRecords("SELECT * FROM shell_user WHERE parent_domain_id = ? and chroot = 'jailkit' and active = 'y'", $rec['domain_id']); - $cronjob_list = $app->db->queryAllRecords("SELECT * FROM cron WHERE parent_domain_id = ? and type = 'chrooted' and active = 'y'", $rec['domain_id']); - if(is_array($cronjob_list) && !empty($cronjob_list) || is_array($shelluser_list) && !empty($shelluser_list)) { + if(is_array($shelluser_list) && !empty($shelluser_list)) { $options['jk_php_maintenance_check'] = "yes"; + $options['homedir_usernames'] = array(); + + foreach($shelluser_list as $shelluser) { + $options['homedir_usernames'][] = $shelluser['username']; + } + } else { $options['jk_php_maintenance_check'] = "no"; diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php index 3742672840..a938005e03 100644 --- a/server/lib/classes/system.inc.php +++ b/server/lib/classes/system.inc.php @@ -2555,7 +2555,7 @@ class system{ } elseif(is_string($app_sections)) { $app_sections = preg_split('/[\s,]+/', $app_sections); } - if(! is_array($options)) { + if(!is_array($options)) { $options = (is_string($options) ? preg_split('/[\s,]+/', $options) : array()); } 
@@ -2588,8 +2588,15 @@ class system{ // Initialize the chroot into the specified directory with the specified applications $cmd = 'jk_init' . $program_args; + $app->log("Executing command: $cmd", LOGLEVEL_DEBUG); $this->exec_safe($cmd, $home_dir); + // Check for errors in the command execution + if ($this->last_exec_retcode() != 0) { + $app->log("Error executing jk_init command: " . implode("\n", $this->last_exec_out()), LOGLEVEL_ERROR); + return false; + } + // Create the tmp and /var/run directories if(!is_dir($home_dir . '/tmp')) { $this->mkdirpath($home_dir . '/tmp', 0770); @@ -2694,6 +2701,8 @@ class system{ global $app; $app->log("update_jailkit_chroot called for $home_dir with options ".print_r($options, true), LOGLEVEL_DEBUG); + $app->log("update_jailkit_chroot called for $home_dir with sections ".print_r($sections, true), LOGLEVEL_DEBUG); + $app->uses('ini_parser'); // Disallow operating on root directory @@ -2738,7 +2747,7 @@ class system{ $jk_cp_args .= ' -f'; break; default: - if (preg_match('@^skip[ =]/?(.+)$@', $opt, $matches) ) { + if (is_string($opt) && preg_match('@^skip[ =]/?(.+)$@', $opt, $matches) ) { if (in_array($matches[1], $jailkit_directories)) { $app->log("update_jailkit_chroot: skipping update of jailkit directory $home_dir/".$matches[1] . "; if this is in use as a web folder, it is insecure and should be fixed.", LOGLEVEL_WARN); 
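Review bot: The new failure branch after `$this->exec_safe($cmd, $home_dir)` passes `$this->last_exec_out()` straight to `implode()`, which throws a TypeError on PHP 8 unless that accessor always returns an array. Neither accessor is visible in this hunk, so either confirm that or cast, e.g. `implode("\n", (array)$this->last_exec_out())`. The early `return false;` also changes the contract of the jail-creation function: it now stops before the tmp and /var/run directories are created, so callers that ignore the return value would carry on with an uninitialised jail and should check it. The function starts and ends outside the hunk.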
@@ -2877,37 +2886,48 @@ class system{ $this->chmod($home_dir . '/var/tmp', 0770, true); } - $os_type = $app->system->get_os_type(); - if (isset($os_type['type'])) { - $used_os_type = $os_type['type']; - } else { - $used_os_type = 'unknown'; - } + // If update_jailkit_chroot was called from cronjob 600-jailkit.inc.php, we need to check if the PHP cli binary is available in the jail + if(isset($options['jk_php_maintenance_check']) && $options['jk_php_maintenance_check'] == 'yes') { + $os_type = $app->system->get_os_type(); + $used_os_type = isset($os_type['type']) ? $os_type['type'] : 'unknown'; + + if(is_array($options['homedir_usernames']) && !empty($options['homedir_usernames'])) { + foreach($options['homedir_usernames'] as $homedir_username) { - if($options['jk_php_maintenance_check'] == 'yes') { - $alternatives_php = $home_dir . '/etc/alternatives/php'; + if($used_os_type == "debian" || $used_os_type == "ubuntu") { + $php_binary = $home_dir . '/etc/alternatives/php'; + } elseif ($used_os_type == "redhat") { + $php_binary = $home_dir . '/home/' . $homedir_username . '/.local/bin/php'; + } else { + $php_binary = $home_dir . '/home/' . $homedir_username . '/.local/bin/php'; + } - if(!empty($options['php_cli_binary'])) { - $php_bin_dir = dirname($options['php_cli_binary']); - if(!file_exists($home_dir . '/' . $options['php_cli_binary'])) { - $app->log("update_jailkit_chroot: The PHP cli binary " . $options['php_cli_binary'] . " is not available in the jail of the web " . $options['domain'], LOGLEVEL_DEBUG); + if(!empty($options['php_cli_binary'])) { + $php_bin_dir = dirname($options['php_cli_binary']); + if(!file_exists($home_dir . '/' . $options['php_cli_binary'])) { + $app->log("update_jailkit_chroot: The PHP cli binary " . $options['php_cli_binary'] . " is not available in the jail of the web " . $options['domain'], LOGLEVEL_DEBUG); - $fallback_php = $app->system->get_newest_php_bin($home_dir . 
$php_bin_dir); - $fallback_php_bin = str_replace($home_dir, '', $fallback_php); + $fallback_php = $app->system->get_newest_php_bin($home_dir . $php_bin_dir); + $fallback_php_bin = str_replace($home_dir, '', $fallback_php); - if(!empty($fallback_php) && file_exists($fallback_php_bin)) { - if(is_link($alternatives_php) || is_file($alternatives_php) || !file_exists($alternatives_php)) { - unlink($alternatives_php); - symlink($fallback_php_bin, $alternatives_php); - $app->log("update_jailkit_chroot: Found " . $fallback_php_bin . " as a fallback for alternatives/php in the jail of " . $options['domain'], LOGLEVEL_DEBUG); - } - } - } else { - if($used_os_type == "debian" || $$used_os_type == "ubuntu") { - $app->log("update_jailkit_chroot: setting alternatives/php to " . $options['php_cli_binary'], LOGLEVEL_DEBUG); - if(is_link($alternatives_php) || is_file($alternatives_php) || !file_exists($alternatives_php)) { - unlink($alternatives_php); - symlink($options['php_cli_binary'], $alternatives_php); + if(!empty($fallback_php) && file_exists($fallback_php_bin)) { + if(is_link($php_binary) || is_file($php_binary) || !file_exists($php_binary)) { + unlink($php_binary); + symlink($fallback_php_bin, $php_binary); + $app->log("update_jailkit_chroot: Found " . $fallback_php_bin . " as a fallback for PHP in the jail of " . $options['domain'], LOGLEVEL_DEBUG); + } + } + } else { + $app->log("update_jailkit_chroot: setting PHP to " . $options['php_cli_binary'], LOGLEVEL_DEBUG); + if(is_link($php_binary) || is_file($php_binary) || !file_exists($php_binary)) { + unlink($php_binary); + symlink($options['php_cli_binary'], $php_binary); + if($used_os_type == "debian" || $$used_os_type == "ubuntu") { + if(file_exists($home_dir . '/home/' . $homedir_username . '/.local/bin/php')) { + unlink($home_dir . '/home/' . $homedir_username . '/.local/bin/php'); + } + } + } } } } 
@@ -3096,8 +3116,7 @@ class system{ while(false !== ($entry = readdir($handle))) { $full_path = $bin_directory . '/' . $entry; // Check if the filename matches a pattern for commonly available PHP CLI binaries - // and ensure they are not symbolic links - if(preg_match('/^php(\d{1,2}\.?\d{1,2})?$/', $entry) && !is_link($full_path) && is_file($full_path)) { + if(preg_match('/^php(\d{1,2}\.?\d{1,2})?$/', $entry) && file_exists($full_path)) { $php_binaries[] = $entry; } } diff --git a/server/plugins-available/cron_jailkit_plugin.inc.php b/server/plugins-available/cron_jailkit_plugin.inc.php index 5ef6384445..76de9d84d6 100644 --- a/server/plugins-available/cron_jailkit_plugin.inc.php +++ b/server/plugins-available/cron_jailkit_plugin.inc.php @@ -83,6 +83,8 @@ class cron_jailkit_plugin { LEFT JOIN server_php ON web_domain.server_php_id = server_php.server_php_id WHERE web_domain.domain_id = ?", $data["new"]["parent_domain_id"]); + $this->parent_domain = $parent_domain; + if(!$parent_domain["domain_id"]) { $app->log("Parent domain not found", LOGLEVEL_WARN); return 0; @@ -135,7 +137,7 @@ class cron_jailkit_plugin { $this->_add_jailkit_user(); - $this->_setup_php_jailkit(); + //$this->_setup_php_jailkit(); $command .= 'usermod -U ? 2>/dev/null'; $app->system->exec_safe($command, $parent_domain["system_user"]); @@ -168,6 +170,8 @@ class cron_jailkit_plugin { LEFT JOIN server_php ON web_domain.server_php_id = server_php.server_php_id WHERE web_domain.domain_id = ?", $data["new"]["parent_domain_id"]); + $this->parent_domain = $parent_domain; + if(!$parent_domain["domain_id"]) { $app->log("Parent domain not found", LOGLEVEL_WARN); return 0; 
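Review bot: `file_exists($full_path)` in the new filter is also true for directories, so any entry in `$bin_directory` whose name matches the pattern is now returned as a candidate PHP binary, not only regular files and links to them. If the aim is just to start accepting symlinked binaries such as the `/usr/bin/phpNN` paths added to jk_init, `is_file()` follows links and still rejects directories: `if(preg_match('/^php(\d{1,2}\.?\d{1,2})?$/', $entry) && is_file($full_path)) {`. Because callers in this patch use the result as a `symlink()` target, adding `is_executable($full_path)` would also be reasonable. The enclosing function starts and ends outside the hunk.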
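Review bot: `//$this->_setup_php_jailkit();` disables the call by commenting it out, here in the `@@ -135,7 +137,7 @@` hunk and again in `@@ -217,7 +221,7 @@`, without saying why. Together with the change in 600-jailkit_maintenance.inc.php, which no longer considers chrooted cron jobs when setting `jk_php_maintenance_check`, the visible hunks leave no path that sets up the PHP binary for a web that has chrooted cron jobs but no jailkit shell user. If that is intended, delete the line (and the method, should it now be unused) or replace it with an explanatory comment such as `// _setup_php_jailkit() intentionally not called: <reason>`. The enclosing methods start and end outside the hunks.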
@@ -191,14 +195,14 @@ class cron_jailkit_plugin { $app->uses("getconf"); $this->data = $data; $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit'); - foreach (array('jailkit_chroot_app_sections', 'jailkit_chroot_app_programs') as $section) { + foreach(array('jailkit_chroot_app_sections', 'jailkit_chroot_app_programs') as $section) { // Replace and don't inherit the server's Jailkit config - if (isset($parent_domain[$section]) && $parent_domain[$section] != '' ) { + if(isset($parent_domain[$section]) && $parent_domain[$section] != '' ) { $this->jailkit_config[$section] = $parent_domain[$section]; } // Add selected PHP version to the jailkit chroot - if ($section == 'jailkit_chroot_app_sections') { - if (isset($parent_domain['php_jk_section']) && $parent_domain['php_jk_section'] != '' ) { + if($section == 'jailkit_chroot_app_sections') { + if(isset($parent_domain['php_jk_section']) && $parent_domain['php_jk_section'] != '' ) { $this->jailkit_config['jailkit_chroot_app_sections'] = $this->jailkit_config['jailkit_chroot_app_sections'] . ' ' . $parent_domain['php_jk_section']; $jk_temp_config = preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_app_sections']); @@ -217,7 +221,7 @@ class cron_jailkit_plugin { $this->_add_jailkit_user(); - $this->_setup_php_jailkit(); + //$this->_setup_php_jailkit(); $this->_update_website_security_level(); diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php index 0593b475b8..113f965d18 100755 --- a/server/plugins-available/shelluser_base_plugin.inc.php +++ b/server/plugins-available/shelluser_base_plugin.inc.php 
@@ -210,7 +210,9 @@ fi $app->system->chgrp($homedir.'/.bashrc.d', $data['new']['pgroup']); } - $this->_add_user_bashrc(); + if($data['new']['chroot'] != 'jailkit') { + $this->_add_user_bashrc(); + } // Create symlinks for conveniance, SFTP user should not land in an empty dir. if(!is_link($homedir.'/web')) symlink('../../web', $homedir.'/web'); @@ -363,8 +365,9 @@ fi $app->system->chgrp($homedir.'/.bashrc.d', $data['new']['pgroup']); } - $this->_add_user_bashrc(); - + if($data['new']['chroot'] != 'jailkit') { + $this->_add_user_bashrc(); + } //* Add webfolder protection again $app->system->web_folder_protection($web['document_root'], true); } else { @@ -625,6 +628,12 @@ fi $used_os_type = 'unknown'; } + if($this->data['new']['chroot'] == "jailkit") { + $is_jailed = true; + } else { + $is_jailed = false; + } + if($used_os_type == "debian" || $used_os_type == "ubuntu") { $tpl->newTemplate("bashrc_user_deb.master"); } elseif($used_os_type == "redhat") { 
@@ -639,17 +648,37 @@ fi if(($this->web['server_php_id'] > 0) && !empty($this->web['php_cli_binary'])) { $php_bin_dir = dirname($this->web['php_cli_binary']); $home_php = $user_home_dir . '/.local/bin' . '/php'; + if ($is_jailed === true) { + $real_php_bin_dir = $this->web['document_root'] . $php_bin_dir; + } else { + $real_php_bin_dir = $php_bin_dir; + } if(preg_match('/^(\/usr\/(s)?bin|\/(s)?bin)/', $php_bin_dir)) { $tpl->setVar('use_php_path', false); if(!is_dir($user_home_dir . '/.local/bin')) $app->system->mkdirpath($user_home_dir . '/.local/bin', 0750, $this->data['new']['username'], $this->data['new']['pgroup']); - if(is_link($home_php) || is_file($home_php) || !file_exists($home_php)) { - unlink($home_php); - symlink($this->web['php_cli_binary'], $home_php); - } else { - symlink($this->web['php_cli_binary'], $home_php); + if(!empty($app->system->get_newest_php_bin($real_php_bin_dir))) { + $fallback_php = $app->system->get_newest_php_bin($real_php_bin_dir); + $fallback_php_bin = str_replace($this->web['document_root'], '', $fallback_php); + + if(!empty($fallback_php) && file_exists($fallback_php_bin)) { + if(is_link($home_php) || is_file($home_php) || !file_exists($home_php)) { + unlink($home_php); + symlink($fallback_php_bin, $home_php); + //$app->log("Found " . $fallback_php_bin . " as a fallback for PHP in the jail of ". $this->web['domain'], LOGLEVEL_DEBUG); + } + } else { + + if(is_link($home_php) || is_file($home_php) || !file_exists($home_php)) + { + unlink($home_php); + symlink($this->web['php_cli_binary'], $home_php); + } else { + symlink($this->web['php_cli_binary'], $home_php); + } + } } } else { diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php index 9b99eadbdf..83c124ea77 100755 --- a/server/plugins-available/shelluser_jailkit_plugin.inc.php +++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php 
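Review bot: The configured `php_cli_binary` is now linked only when the `file_exists($fallback_php_bin)` test fails, so the newest binary found by `get_newest_php_bin()` becomes the first choice rather than a fallback, and when the outer `if(!empty(...))` fails no link is created at all. The shelluser_jailkit_plugin hunk in this same patch does it the other way round (fallback only when the configured binary is missing), which also matches the previous behaviour here. `get_newest_php_bin($real_php_bin_dir)` is also called twice with the same argument, and `unlink($home_php)` is reached when the path does not exist. The sketch below assumes, as the `str_replace()` in the hunk does, that the helper returns a full path; `_add_user_bashrc` continues outside the hunk.

```php
// … unchanged: $home_php / $real_php_bin_dir setup, use_php_path = false, mkdirpath …
$target_php = $this->web['php_cli_binary'];
if(!file_exists($real_php_bin_dir . '/' . basename($target_php))) {
	// Configured binary is missing: only now look for a substitute next to it.
	$fallback_php = $app->system->get_newest_php_bin($real_php_bin_dir);
	if(!empty($fallback_php)) {
		$target_php = str_replace($this->web['document_root'], '', $fallback_php);
	}
}
if(is_link($home_php) || is_file($home_php)) {
	unlink($home_php);
}
symlink($target_php, $home_php);
```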
@@ -212,7 +212,7 @@ class shelluser_jailkit_plugin { if($app->system->is_user($data['new']['puser'])) { - $web = $app->db->queryOneRecord("SELECT web_domain.*, server_php.php_jk_section + $web = $app->db->queryOneRecord("SELECT web_domain.*, server_php.php_jk_section, server_php.php_cli_binary FROM web_domain LEFT JOIN server_php ON web_domain.server_php_id = server_php.server_php_id WHERE web_domain.domain_id = ?", $data["new"]["parent_domain_id"]); @@ -251,6 +251,7 @@ class shelluser_jailkit_plugin { $this->jailkit_config[$section] = array_unique($jk_temp_config, SORT_REGULAR); sort($this->jailkit_config[$section], SORT_STRING); } + } } @@ -411,6 +412,7 @@ class shelluser_jailkit_plugin { $programs = $this->jailkit_config['jailkit_chroot_app_programs'] . ' ' . $this->jailkit_config['jailkit_chroot_cron_programs']; + if ($update_hash == $web['last_jailkit_hash']) { return; } @@ -732,22 +734,20 @@ class shelluser_jailkit_plugin { // Create .bashrc file $app->load('tpl'); - $tpl = new tpl(); $os_type = $app->system->get_os_type(); - if (isset($os_type['type'])) { - $used_os_type = $os_type['type']; - } else { - $used_os_type = 'unknown'; - } + $used_os_type = isset($os_type['type']) ? $os_type['type'] : 'unknown'; if($used_os_type == "debian" || $used_os_type == "ubuntu") { $tpl->newTemplate("bashrc_user_deb.master"); - } elseif($used_os_type == "redhat") { + $php_binary = $this->web['document_root'] . '/etc/alternatives/php'; + } elseif ($used_os_type == "redhat") { $tpl->newTemplate("bashrc_user_redhat.master"); + $php_binary = $this->web['document_root'] . '/home/' . $this->data['new']['username'] . '/.local/bin/php'; } else { $tpl->newTemplate("bashrc_user_generic.master"); + $php_binary = $this->web['document_root'] . '/home/' . $this->data['new']['username'] . '/.local/bin/php'; } // Predefine some template vars 
@@ -755,51 +755,49 @@ class shelluser_jailkit_plugin { $tpl->setVar('domain', $this->web['domain']); $tpl->setVar('home_dir', $this->_get_home_dir("")); - $tpl->setVar('use_php_path', false); + $php_bin_dir = dirname($this->web['php_cli_binary']); + $php_binary_path = $this->web['document_root'] . '/' . $this->web['php_cli_binary']; - if(($this->web['server_php_id'] > 0) && !empty($this->web['php_cli_binary'])) { - $php_bin_dir = dirname($this->web['php_cli_binary']); - $alternatives_php = $this->web['document_root'] . '/etc/alternatives/php'; + if(preg_match('/^(\/usr\/(s)?bin|\/(s)?bin)/', $php_bin_dir)) { + // Use symlink if PHP binary is in /usr/(s)?bin or /(s)?bin + $tpl->setVar('use_php_path', false); - if(preg_match('/^(\/usr\/(s)?bin|\/(s)?bin)/', $php_bin_dir)) { - $tpl->setVar('use_php_path', false); - } else { - $tpl->setVar('use_php_path', true); - $tpl->setVar('php_bin_dir', $php_bin_dir); - } - - if(!file_exists($this->web['document_root'] . '/' . $this->web['php_cli_binary'])) { - $app->log("The PHP cli binary " . $this->web['php_cli_binary'] . " is not available in the jail of the web " . $this->web['domain'] . " / SSH/SFTP user: " . $this->data['new']['username'] . ". Check your Jailkit setup!", LOGLEVEL_DEBUG); - $tpl->setVar('use_php_path', false); + if(!file_exists($php_binary_path)) { + $app->log("The PHP cli binary " . $this->web['php_cli_binary'] . " is not available in the jail of the web " . $this->web['domain'] . " / SSH/SFTP user: " . $this->data['new']['username'] . ". Check your Jailkit setup!", LOGLEVEL_DEBUG); - if(!empty($app->system->get_newest_php_bin($this->web['document_root'] . $php_bin_dir))) { - $fallback_php = $app->system->get_newest_php_bin($this->web['document_root'] . $php_bin_dir); + $fallback_php = $app->system->get_newest_php_bin($this->web['document_root'] . 
$php_bin_dir); + if (!empty($fallback_php)) { $fallback_php_bin = str_replace($this->web['document_root'], '', $fallback_php); - if(!empty($fallback_php) && file_exists($fallback_php_bin)) { - if(is_link($alternatives_php) || is_file($alternatives_php) || !file_exists($alternatives_php)) { - unlink($alternatives_php); - symlink($fallback_php_bin, $alternatives_php); - $app->log("Found " . $fallback_php_bin . " as a fallback for alternatives/php in the jail of ". $this->web['domain'], LOGLEVEL_DEBUG); + if(file_exists($fallback_php_bin)) { + if(is_link($php_binary) || is_file($php_binary) || !file_exists($php_binary)) { + unlink($php_binary); } + symlink($fallback_php_bin, $php_binary); + $app->log("Found " . $fallback_php_bin . " as a fallback PHP binary in the jail of " . $this->web['domain'], LOGLEVEL_DEBUG); } } - } else { - if($used_os_type == "debian" || $used_os_type == "ubuntu") { - if(is_link($alternatives_php) || is_file($alternatives_php) || !file_exists($alternatives_php)) - { - unlink($alternatives_php); - symlink($this->web['php_cli_binary'], $alternatives_php); - } else { - symlink($this->web['php_cli_binary'], $alternatives_php); - } + if(is_link($php_binary) || is_file($php_binary) || !file_exists($php_binary)) { + unlink($php_binary); } + symlink($this->web['php_cli_binary'], $php_binary); + } + } else { + // Use .bashrc to extend $PATH if PHP binary is in a custom path + $tpl->setVar('use_php_path', true); + $tpl->setVar('php_bin_dir', $php_bin_dir); + + if(file_exists($php_binary)) { + unlink($php_binary); } } + $bashrc = $this->web['document_root'] . '/home/' . $this->data['new']['username'] . '/.bashrc'; - if(@is_file($bashrc) || @is_link($bashrc)) unlink($bashrc); + if (@is_file($bashrc) || @is_link($bashrc)) { + unlink($bashrc); + } file_put_contents($bashrc, $tpl->grab()); $app->system->chown($bashrc, $this->data['new']['username']); $app->system->chgrp($bashrc, $this->data['new']['pgroup']); 
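Review bot: Dropping the `if(($this->web['server_php_id'] > 0) && !empty($this->web['php_cli_binary']))` guard means `dirname($this->web['php_cli_binary'])` now also runs for webs with no PHP version selected, where the LEFT JOIN on server_php leaves that column empty. With an empty value the `preg_match()` fails, the `else` branch sets `use_php_path` to true with an empty `php_bin_dir`, and the Debian template line `export PATH=<tmpl_var name='php_bin_dir'>:$PATH` would render as `export PATH=:$PATH`, an empty PATH entry that the shell treats as the current directory. Keeping the guard around the whole block, with `$tpl->setVar('use_php_path', false);` as the default before it, avoids that. Separately, `file_exists($fallback_php_bin)` tests the path after the jail prefix has been stripped, so it checks the host filesystem rather than the jail. The method starts and ends outside the hunk.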
@@ -807,9 +805,7 @@ class shelluser_jailkit_plugin { $app->log("Added bashrc script: " . $bashrc, LOGLEVEL_DEBUG); unset($tpl); - } - } // end class ?> -- GitLab