CHROOT issues/questions

And, you will find the default jail configurations in /etc/jailkit/jk_init.ini, and you can modify those, and you can choose which kind of jail is used by Virtualmin (that’s chosen in Server Templates, I believe).

I believe we use basicshell, but I might be wrong (this isn’t a feature I use, so I’m not very familiar with it, though I did a lot of the implementation many years ago).

basicshell is defined as:

[basicshell]
comment = bash based shell with several basic utilities
paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8
users = root
groups = root
includesections = uidbasics
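As an added example (not jailkit's or Virtualmin's own code), here is what the section above actually amounts to once jk_init has followed it: jk_init.ini is a plain INI file, each section lists `paths` to copy into the jail, and `includesections` pulls in other sections, so the files a jail really receives are the union over that include graph. The resolver below walks the graph (cycle-safe), de-duplicates (the quoted basicshell lists `ls` and `mkdir` twice), and separates absolute paths from bare command names, which jk_init looks up on PATH. The `uidbasics` section in the sample is a trimmed, constructed stand-in; the real one lists more files.

```python
"""Resolve what a jailkit jk_init.ini section pulls into a jail (added example)."""
import configparser
import shutil
from typing import Callable, Dict, List, Optional

# Constructed sample: basicshell exactly as quoted in the thread, plus a
# deliberately shortened, hypothetical uidbasics section for the example.
SAMPLE_JK_INIT_INI = """\
[uidbasics]
comment = files needed for uid/gid lookups inside the jail (trimmed, constructed)
paths = /etc/nsswitch.conf, /etc/ld.so.conf

[basicshell]
comment = bash based shell with several basic utilities
paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8
users = root
groups = root
includesections = uidbasics
"""


def load_ini(text: str) -> configparser.ConfigParser:
    # interpolation=None: jk_init.ini values are literal, '%' must not be special
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg


def _split(value: str) -> List[str]:
    """Comma-separated INI value -> list of trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def resolve_section(cfg: configparser.ConfigParser, name: str,
                    _seen: Optional[set] = None) -> List[str]:
    """Flat, ordered, de-duplicated list of entries a section pulls in.

    The section's own paths come first, then each included section depth-first.
    A cycle (a includes b includes a) is tolerated instead of recursing forever.
    """
    seen = set() if _seen is None else _seen
    if name in seen:
        return []
    seen.add(name)
    if not cfg.has_section(name):
        raise KeyError(f"no section [{name}] in jk_init.ini")
    entries: List[str] = []
    for entry in _split(cfg.get(name, "paths", fallback="")):
        if entry not in entries:
            entries.append(entry)
    for inc in _split(cfg.get(name, "includesections", fallback="")):
        for entry in resolve_section(cfg, inc, seen):
            if entry not in entries:
                entries.append(entry)
    return entries


def locate(entries: List[str],
           which: Callable[[str], Optional[str]] = shutil.which) -> Dict[str, Optional[str]]:
    """Map each entry to the absolute path that would be copied into the jail.

    Absolute entries are kept verbatim; bare names go through `which` (a PATH
    lookup by default, injectable so the check stays deterministic offline).
    None marks a command the jail would end up without.
    """
    return {e: (e if e.startswith("/") else which(e)) for e in entries}


def missing(located: Dict[str, Optional[str]]) -> List[str]:
    """Bare names that could not be found on this host."""
    return [name for name, path in located.items() if path is None]


if __name__ == "__main__":
    cfg = load_ini(SAMPLE_JK_INIT_INI)
    entries = resolve_section(cfg, "basicshell")
    found = locate(entries)
    for name in entries:
        print(f"{name:32} -> {found[name]}")
    print("not on PATH here:", missing(found))
```

Running it against the real /etc/jailkit/jk_init.ini (read the file instead of the sample string) is a quick way to see everything a template will copy before you hand the jail to a customer, and `missing()` tells you which listed commands the build host cannot supply.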

I still don’t understand what the motivation is to use jails.

They appear to add nothing but trouble, based on some alleged benefit of additional security.

Worth a read is the Wikipedia entry.

Also:
From Linus Torvalds:

So all chroot(2) really does is reset the “/” reference?

Yes. Literally. Everything else stays the same, including any open files (and cwd).

It’s a “flaw” in chroot if you consider it a jail, but it’s used for so much more than that.

(…)

Note that the most common use of chroot isn’t actually the “jail” kind of usage, but building and installation environments (ie a lot of package building stuff end up using chroot as a way to create the “target environment”).
(quoted from “chroot safety”, DEV Community)

Back to ID10T commenting. :wink:
Basically, people feel like they are getting a Virtual Machine with chroot, but, they aren’t.

chroot has loads of great uses. A jail is the least interesting, but in web hosting, it became the norm for aesthetic reasons (people didn’t like their customers seeing the rest of the system), so everybody expects us to offer it, so we do.

In the long run, we probably need to be aiming for container-per-domain, which provides actual isolation. A container is not a chroot jail, though it looks similar. Containers were actually designed to provide isolation, and a decade or so of the Docker/LXC/etc. folks banging on it has hardened the implementation in the Linux kernel pretty effectively. I think we can call containers a security feature, while it’s not comfortable for me to call chroot a security feature.

But, containers are more complicated. It’s hard to say, “OK, the user will be in a container, but their data and apps will be visible to the Apache running outside of the container”…and that also means the container is escaped by web apps. So, shared hosting is no longer really possible, if you want to actually “contain” your users. So…it’s always kind of an illusion. A shared hosting system is always going to be a shared hosting system. To get isolation, you have to duplicate a lot of services into each isolated thing, which takes more resources. Shared hosters are trying to do all this cheaply and on tiny little VMs (I don’t have hard data, but the impression I get is that there’s still a lot of Virtualmin installations happening on 1 and 2GB VMs).

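What the quoted point about open files and cwd means in practice, as an added example that is not from the thread or from jailkit: chroot(2) swaps the process's root reference and nothing else, so a descriptor opened before the chroot still refers to the old tree. A process that keeps CAP_SYS_CHROOT (root) inside the jail can use such a descriptor to step straight back out, which is why a jail that does not drop privileges after chroot(2) contains nothing. Run as root to see the escape; as an ordinary user chroot(2) fails with EPERM and the function reports that instead. The `enter_jail` function shows the order a jail shell has to follow to close that door (it is illustrative and is not run).

```python
"""chroot only resets "/": cwd and open fds survive it (added example)."""
import os
import tempfile

ESCAPED = 1          # chroot succeeded and the pre-chroot fd led back out
NEEDS_PRIVILEGE = 2  # chroot(2) refused: no CAP_SYS_CHROOT in this process
FAILED = 0           # chroot succeeded but the walk-out did not (not expected on Linux)


def chroot_escape_via_open_fd() -> int:
    """chroot into an empty temp dir, then return to the real root via an fd."""
    jail = tempfile.mkdtemp(prefix="chroot-demo-")  # resolved under the real root
    saved_cwd_fd = os.open(".", os.O_RDONLY | os.O_DIRECTORY)  # to restore later
    real_root_fd = os.open("/", os.O_RDONLY | os.O_DIRECTORY)  # opened BEFORE chroot
    escaped = False
    try:
        try:
            os.chroot(jail)
        except PermissionError:
            return NEEDS_PRIVILEGE
        # Inside the jail the jail's own absolute path no longer resolves:
        # "/" is now the empty temp dir, so /tmp/chroot-demo-... does not exist.
        visible_inside = os.path.exists(jail)
        # The descriptor to the old "/" was untouched by chroot. Make it the
        # cwd, then re-root at ".": the root is the real "/" again.
        os.fchdir(real_root_fd)
        os.chroot(".")
        visible_after = os.path.exists(jail)
        escaped = (not visible_inside) and visible_after
        return ESCAPED if escaped else FAILED
    finally:
        if escaped:
            os.fchdir(saved_cwd_fd)  # leave the caller's cwd as we found it
        os.close(real_root_fd)
        os.close(saved_cwd_fd)
        try:
            os.rmdir(jail)
        except OSError:
            pass  # still confined; nothing sensible to do


def enter_jail(jail: str, uid: int, gid: int) -> None:
    """Order a jail shell must follow so the trick above is not available.

    chroot, then chdir("/") so the cwd is inside the new root, then drop
    supplementary groups, gid and uid so the process no longer holds
    CAP_SYS_CHROOT. Any descriptor pointing outside must be closed before this.
    Illustrative only; not called by the demo.
    """
    os.chroot(jail)
    os.chdir("/")
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)


if __name__ == "__main__":
    labels = {ESCAPED: "escaped the chroot", NEEDS_PRIVILEGE: "needs CAP_SYS_CHROOT",
              FAILED: "chroot held (unexpected)"}
    print(labels[chroot_escape_via_open_fd()])
```

The same applies to cwd: if the caller never chdir()s into the new root, `os.chroot(".")` alone walks out, with no saved descriptor needed. Either way the precondition is that the process can still call chroot(2), so the privilege drop at the end of `enter_jail` is the part that does the containing, not the chroot itself.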

Just more of a thinking-out-loud comment. If your livelihood depends on the site, virtual machine. If you have a small side business doing e-commerce, container. For most other sites, is the current shared environment all that bad?

I’d say not at all (LOL)! While I’m really only familiar with the hosting business from my own perspective over twenty-five years, only a tiny percentage of sites really need anything other than a shared hosting environment. Of course, I remember running a dozen HTML sites on a 486 with 500 megabytes of RAM…

I’m going to stick to using the jail functionality in the shared hosting environments I provide. That’s because if there is even a modicum of additional security provided, it’s worth having in place. However, I still have to figure out the exact steps to allowing emails to be sent from forms within WordPress sites inside of the jail using Virtualmin.

I think shared hosting is fine for most things people are using Virtualmin for. UNIX/Linux has been a multi-tenant system for its entire existence. If you use reasonable practices (run site apps as the user, practice good hygiene with regard to permissions, etc.), nobody can see the sensitive stuff of anyone else.

And, for the really sensitive stuff, billing happens off-site now when using PayPal, Braintree, or Stripe in the recommended way (your website never sees customer billing information).

It is mostly aesthetic: what it looks like to a non-technical user to see a list of other user homes when they ls /home. That looks scary, and may bother hosts who don’t want their customer lists being visible (which is reasonable). So, requiring use of ProFTPd connections (whether FTPS or SFTP) can prevent that without needing a chroot jail, if those customers don’t need a shell.

It’s just that the high end part of the market has mostly moved on from shared hosting. We’re all operating in a particular niche of the hosting industry. Shared hosting is small businesses, and also web designers/developers who build for small businesses. Not a lot of big enterprise is deploying to shared hosting at this point in history.
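The "reasonable practices" behind the claim that nobody can see anyone else's stuff, and the `ls /home` point, both come down to ordinary Unix permissions on the home directories. As an added example (not Virtualmin's own code or policy), here is the audit a shared host would run over /home: it reports homes whose mode lets "other" read or search them, and homes that are group-writable, and suggests a hardened mode. The pass/fail policy (0700 or 0710 pass; any `o+r` or `o+x` or `g+w` fails) is the example's choice, and the tree it audits is constructed in a temp directory so it runs offline; point `audit_homes` at /home on a real box.

```python
"""Permission hygiene audit for tenant home directories (added example)."""
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    name: str    # directory basename, e.g. the tenant username
    mode: int    # permission bits, e.g. 0o755
    reason: str


def audit_homes(base: str) -> List[Finding]:
    """Report every directory directly under `base` that leaks to other tenants."""
    findings: List[Finding] = []
    for name in sorted(os.listdir(base)):
        path = os.path.join(base, name)
        st = os.lstat(path)  # lstat: do not follow a symlinked home
        if not stat.S_ISDIR(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IROTH:
            findings.append(Finding(name, mode, "world-readable: anyone can list its contents"))
        if mode & stat.S_IXOTH:
            findings.append(Finding(name, mode, "world-searchable: any guessable filename is reachable"))
        if mode & stat.S_IWGRP:
            findings.append(Finding(name, mode, "group-writable: group members can plant files"))
    return findings


def harden(mode: int) -> int:
    """Strip all 'other' bits and group write; keeps group r-x so a web server
    group can still traverse into public_html if the host relies on that."""
    return mode & ~(stat.S_IRWXO | stat.S_IWGRP)


def build_sample_tree(root: str) -> str:
    """Constructed /home with four tenants of varying hygiene (example data)."""
    base = os.path.join(root, "home")
    os.mkdir(base)
    for name, mode in (("alice", 0o700), ("bob", 0o710), ("carol", 0o755), ("dave", 0o771)):
        path = os.path.join(base, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod after mkdir so the umask cannot interfere
    return base


def run_demo() -> List[Finding]:
    """Build the constructed tree, audit it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        return audit_homes(build_sample_tree(root))


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.name}: {f.mode:04o} {f.reason}; suggested {harden(f.mode):04o}")
```

Running it on the constructed tree flags carol (0755, world-readable and world-searchable) and dave (0771, world-searchable and group-writable) and leaves alice and bob alone. Note that a world-searchable home with a guessable `public_html/wp-config.php` is the classic cross-tenant leak on shared hosts, which is why the `o+x` case is reported on its own even when the directory is not listable.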