CHROOT issues/questions

And, you will find the default jail configurations in /etc/jailkit/jk_init.ini, and you can modify those, and you can choose which kind of jail is used by Virtualmin (that’s chosen in Server Templates, I believe).

I believe we use basicshell, but I might be wrong (this isn’t a feature I use, so I’m not very familiar with it, though I did a lot of the implementation many years ago).

basicshell is defined as:

[basicshell]
comment = bash based shell with several basic utilities
paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8
users = root
groups = root
includesections = uidbasics
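The section format quoted above can be audited mechanically. This added example (not part of the original post, and not Jailkit or Virtualmin code) resolves a section's `includesections` and reports which required files the jail definition does not cover. Assumptions: the `[uidbasics]` contents are placeholders, a bare name such as `bash` is treated as covering a file of that name in any directory, and `/usr/sbin/sendmail` is used as a sample required path.

```python
import configparser
import fnmatch

# Constructed sample: [basicshell] is abridged from the post above; the
# [uidbasics] contents are placeholder assumptions, not the real section.
SAMPLE_INI = """
[uidbasics]
comment = placeholder stand-in for the included section
paths = /etc/nsswitch.conf, /lib/libnss*.so.2

[basicshell]
comment = bash based shell with several basic utilities
paths = /bin/sh, bash, ls, cat, grep, /etc/motd, /etc/profile
users = root
groups = root
includesections = uidbasics
"""

def load(text):
    """Parse jk_init.ini-style text; interpolation is off so '%' is literal."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg

def split_list(value):
    """Split a comma-separated option value into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def resolve_paths(cfg, section, seen=None):
    """Return the 'paths' of a section followed by those of its includes."""
    seen = set() if seen is None else seen
    if section in seen:                      # guard against include cycles
        return []
    seen.add(section)
    if not cfg.has_section(section):
        raise KeyError(f"unknown section: {section}")
    paths = split_list(cfg.get(section, "paths", fallback=""))
    for inc in split_list(cfg.get(section, "includesections", fallback="")):
        paths += resolve_paths(cfg, inc, seen)
    return list(dict.fromkeys(paths))        # de-duplicate, keep order

def missing_from_jail(cfg, section, required):
    """List required absolute paths that no entry in the jail covers."""
    entries = resolve_paths(cfg, section)
    def covered(req):
        name = req.rsplit("/", 1)[-1]
        # Glob entries match the full path; bare names match the basename.
        return any(fnmatch.fnmatch(req, e) or e == name for e in entries)
    return [req for req in required if not covered(req)]
```

Directory entries are not expanded here, so a file that only exists below a listed directory is reported as missing.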

I still don’t understand what the motivation is to use jails?

They appear to add nothing but trouble, based on some alleged benefit of additional security.

Worth a read is the Wikipedia entry.

Also:
From Linus Torvalds:

So all chroot(2) really does is reset the “/” reference?

Yes. Literally. Everything else stays the same, including any open files (and cwd).

It’s a “flaw” in chroot if you consider it a jail, but it’s used for so much more than that.

(…)

Note that the most common use of chroot isn’t actually the “jail” kind of usage, but building and installation environments (ie a lot of package building stuff end up using chroot as a way to create the “target environment”).
chroot safety - DEV Community.

Back to ID10T commenting. :wink:
Basically, people feel like they are getting a Virtual Machine with chroot, but, they aren’t.
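The Torvalds quote above says chroot(2) only changes the "/" reference while the cwd and open files stay as they were. This added example (not part of the original thread) is an audit a host administrator could run over `/proc` to list chrooted processes that still hold a working directory or an open directory outside their root. It assumes the caller is root in the host's own "/", so the `/proc/<pid>` links read as host paths; the `proc` parameter exists only so the function can be pointed at a test tree.

```python
import os

def read_link(path):
    """Return a symlink's target, or None if it is gone or unreadable."""
    try:
        return os.readlink(path)
    except OSError:
        return None

def is_inside(path, root):
    """True if path is the root itself or lies below it."""
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit_chroots(proc="/proc"):
    """Return (pid, root, findings) for every process whose root is not "/".

    findings lists ("cwd", path) and ("fd N", path) entries that point
    outside the process's root. Only directories are reported for fds;
    inherited device nodes, sockets and pipes are ignored.
    """
    report = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc)), key=int):
        base = os.path.join(proc, pid)
        root = read_link(os.path.join(base, "root"))
        if root in (None, "/"):
            continue                      # not chrooted, or not readable
        findings = []
        cwd = read_link(os.path.join(base, "cwd"))
        if cwd and not is_inside(cwd, root):
            findings.append(("cwd", cwd))
        try:
            fds = sorted(os.listdir(os.path.join(base, "fd")), key=int)
        except OSError:
            fds = []
        for fd in fds:
            link = os.path.join(base, "fd", fd)
            target = read_link(link)
            # "socket:[..]" and "pipe:[..]" targets are not absolute paths.
            if (target and target.startswith("/") and os.path.isdir(link)
                    and not is_inside(target, root)):
                findings.append((f"fd {fd}", target))
        report.append((int(pid), root, findings))
    return report
```

A process with an empty findings list is confined as far as this check can tell; it says nothing about privileges or other kernel interfaces the process can still reach.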

chroot has loads of great uses. A jail is the least interesting, but in web hosting, it became the norm for aesthetic reasons (people didn’t like their customers seeing the rest of the system), so everybody expects us to offer it, so we do.

In the long run, we probably need to be aiming for container-per-domain, which provides actual isolation. A container is not a chroot jail, though it looks similar. Containers were actually designed to provide isolation, and a decade or so of the Docker/LXC/etc. folks banging on it has hardened the implementation in the Linux kernel pretty effectively. I think we can call containers a security feature, while it’s not comfortable for me to call chroot a security feature.

But, containers are more complicated. It’s hard to say, “OK, the user will be in a container, but their data and apps will be visible to the Apache running outside of the container”…and that also means the container is escaped by web apps. So, shared hosting is no longer really possible, if you want to actually “contain” your users. So…it’s always kind of an illusion. A shared hosting system is always going to be a shared hosting system. To get isolation, you have to duplicate a lot of services into each isolated thing, which takes more resources. Shared hosters are trying to do all this cheaply and on tiny little VMs (I don’t have hard data, but the impression I get is that there’s still a lot of Virtualmin installations happening on 1 and 2GB VMs).

Just more of a thinking out loud comment. If your livelihood depends on the site, virtual machine. If you have a small side business doing ecommerce, container. Most other sites, is the current shared environment all that bad?

I’d say not at all (LOL)! While I’m really only familiar with the hosting business from my own perspective over twenty-five years, only a tiny percentage of sites really need other than a shared hosting environment. Of course, I remember running a dozen HTML sites on a 486 with 500 megabytes of RAM…

I’m going to stick to using the jail functionality in the shared hosting environments I provide. That’s because if there is even a modicum of additional security provided, it’s worth having in place. However, I still have to figure out the exact steps to allowing emails to be sent from forms within WordPress sites inside of the jail using Virtualmin.

I think shared hosting is fine for most things people are using Virtualmin for. UNIX/Linux has been a multi-tenant system for its entire existence. If you use reasonable practices (run site apps as the user, practice good hygiene with regard to permissions, etc.), nobody can see the sensitive stuff of anyone else.

And, for the really sensitive stuff, billing happens off-site now when using PayPal, Braintree, or Stripe in the recommended way (your website never sees customer billing information).

It is mostly aesthetic. What it looks like to a non-technical user to see a list of other user homes when they ls /home. That looks scary, and may bother hosts who don’t want their customer lists being visible (which is reasonable). So, requiring use of ProFTPd connections (whether FTPS or SFTP) can prevent that without needing a chroot jail, if those customers don’t need a shell.

It’s just that the high-end part of the market has mostly moved on from shared hosting. We’re all operating in a particular niche of the hosting industry. Shared hosting is small businesses, and also web designers/developers who build for small businesses. Not a lot of big enterprise is deploying to shared hosting at this point in history.

What probably happened is the chroot environment didn’t include access to some mail-related binaries, sockets, or libraries that PHP/WordPress expected when trying to hand mail off locally. That would explain why system mail still worked while WordPress forms silently failed inside the jailed environment.

I’ve run into similar “works normally until isolation/sandboxing is enabled” behavior while building and testing web-based utility tools myself. Small environment differences can break things in ways that don’t always show clearly in logs, which makes debugging extra frustrating.

I’m not sure why this thread didn’t auto close but it is three years old.

the bot had a day off perhaps, or got a bit behind and said “couldn’t be arsed, someone else can do it” :laughing:

Yes, I was wondering how this happened! Amazing that folks are still interested in responding, though! Enjoy the weekend!

maybe it’s an AI spam bot?

If a thread is ever re-opened by an admin/moderator, for whatever reason, it is never re-closed automatically.

And, Alex_Moya does seem like a bot making posts to gain reputation before they begin posting spam. I’ll keep an eye on them.

And, I’ll close this thread.