php script in a jail

Discussion in 'General' started by ychaouche, Aug 12, 2020.

Tags:
  1. ychaouche

    ychaouche New Member

    Dear HTF,
    In this other thread I explained how I got problems running a specific cron job as an ispconfig user from the command line.
    With the help of Jesse Norell, I could figure that there was a jail the cron job is being running from, and that jail wasn't setup properly. Copying the necessary files to that jail with the provided jk_init.ini file, the error disappeared, only to be replaced by another one :

    Code:
    [email protected]:~$ php /web/maintenance/maintenance.php pub.radioalgerie.dz
    PHP Fatal error:  Uncaught Error: Call to a member function query() on null in /web/lib/pear/DB/DataObject.php:2336
    Stack trace:
    #0 /web/lib/max/Dal/DataObjects/DB_DataObjectCommon.php(1047): DB_DataObject->_query('SELECT * \n FROM...')
    #1 /web/lib/pear/DB/DataObject.php(413): DB_DataObjectCommon->_query('SELECT * \n FROM...')
    #2 /web/lib/max/Dal/DataObjects/DB_DataObjectCommon.php(170): DB_DataObject->find()
    #3 /web/lib/OA/Preferences.php(91): DB_DataObjectCommon->getAll(Array, true)
    #4 /web/lib/OA/Preferences.php(374): OA_Preferences::loadPreferences(false, false, false, true)
    #5 /web/lib/OX/Maintenance.php(54): OA_Preferences::loadAdminAccountPreferences()
    #6 /web/scripts/maintenance/maintenance.php(49): OX_Maintenance->__construct()
    #7 /web/maintenance/maintenance.php(32): require_once('/web/scripts/ma...')
    #8 {main}
      thrown in /web/lib/pear/DB/DataObject.php on line 2336
    #!/usr/bin/php -q
    [email protected]:~$ 
    Could this has something to do with the database connection ? I don't even know if the database can be reached form the jail.

    For reference, this is the relevant parts of my jk_init.ini file
    Code:
    root#admin 13:36:32 ~ # removeblanks /etc/jailkit/jk_init.ini
    /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
    [uidbasics]
    comment = common files for all jails that need user/group information
    libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/x86_64-linux-gnu/libnss*.so.2
    regularfiles = /etc/nsswitch.conf, /etc/ld.so.conf
    [netbasics]
    comment = common files for all jails that need any internet connectivity
    libraries = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/x86_64-linux-gnu/libnss_dns.so.2
    regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols
    [logbasics]
    comment = timezone information
    regularfiles = /etc/localtime
    need_logsocket = 1
    [jk_lsh]
    comment = Jailkit limited shell
    executables = /usr/sbin/jk_lsh
    regularfiles = /etc/jailkit/jk_lsh.ini
    users = root
    groups = root
    need_logsocket = 1
    includesections = uidbasics
    [limitedshell]
    comment = alias for jk_lsh
    includesections = jk_lsh
    [cvs]
    comment = Concurrent Versions System
    executables = /usr/bin/cvs
    devices = /dev/null
    [git]
    comment = Fast Version Control System
    executables = /usr/bin/git*
    directories = /usr/share/git-core
    includesections = editors
    [scp]
    comment = ssh secure copy
    executables = /usr/bin/scp
    includesections = netbasics, uidbasics
    devices = /dev/urandom
    [sftp]
    comment = ssh secure ftp
    executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
    includesections = netbasics, uidbasics
    devices = /dev/urandom, /dev/null
    [ssh]
    comment = ssh secure shell
    executables = /usr/bin/ssh
    includesections = netbasics, uidbasics
    devices = /dev/urandom, /dev/tty
    [rsync]
    executables = /usr/bin/rsync
    includesections = netbasics, uidbasics
    [procmail]
    comment = procmail mail delivery
    executables = /usr/bin/procmail, /bin/sh
    devices = /dev/null
    [basicshell]
    comment = bash based shell with several basic utilities
    executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat
    regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile
    directories = /usr/lib/locale/en_US.utf8
    users = root
    groups = root
    includesections = uidbasics
    [midnightcommander]
    comment = Midnight Commander
    executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview
    directories = /etc/terminfo, /usr/share/terminfo, /usr/share/mc
    includesections = basicshell
    [extendedshell]
    comment = bash shell including things like awk, bzip, tail, less
    executables = /usr/bin/awk, /usr/bin/bzip2, /usr/bin/bunzip2, /usr/bin/ldd, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/less, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/sort, /usr/bin/wc, /usr/bin/watch, /usr/bin/whoami
    includesections = basicshell, midnightcommander, editors
    [editors]
    comment = vim, joe and nano
    executables = /usr/bin/joe, /usr/bin/nano, /usr/bin/vi, /usr/bin/vim, /usr/bin/pico
    regularfiles = /etc/vimrc
    directories = /etc/joe, /etc/terminfo, /usr/share/vim, /usr/share/terminfo, /lib/terminfo
    [netutils]
    comment = several internet utilities like wget, ftp, rsync, scp, ssh
    executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient
    includesections = netbasics, ssh, sftp, scp
    [apacheutils]
    comment = htpasswd utility
    executables = /usr/bin/htpasswd
    [extshellplusnet]
    comment = alias for extendedshell + netutils + apacheutils
    includesections = extendedshell, netutils, apacheutils
    [openvpn]
    comment = jail for the openvpn daemon
    executables = /usr/sbin/openvpn
    users = root,nobody
    groups = root,nogroup
    includesections = netbasics
    devices = /dev/urandom, /dev/random, /dev/net/tun
    includesections = netbasics, uidbasics
    need_logsocket = 1
    [apache]
    comment = the apache webserver, very basic setup, probably too limited for you
    executables = /usr/sbin/apache
    users = root, www-data
    groups = root, www-data
    includesections = netbasics, uidbasics
    [perl]
    comment = the perl interpreter and libraries
    executables = /usr/bin/perl
    directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
    [xauth]
    comment = getting X authentication to work
    executables = /usr/bin/X11/xauth
    regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
    [xclients]
    comment = minimal files for X clients
    regularfiles = /usr/X11R6/lib/X11/rgb.txt
    includesections = xauth
    [vncserver]
    comment = the VNC server program
    executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc
    directories = /usr/X11R6/lib/X11/fonts/
    includesections = xclients
    [php]
    comment = pris depuis https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/stable-3.1/install/tpl/jk_init.ini.master
    paths = /usr/bin/php
    includesections = php_common, php7_2
    [php_common]
    comment = common php directories and libraries
    paths = /usr/bin/php, /usr/lib/php/, /usr/share/php/, /usr/share/zoneinfo/
    includesections = env
    [env]
    comment = /usr/bin/env for environment variables
    paths = env
    [php7_2]
    comment = php version 7.2
    paths = /usr/bin/php7.2, /usr/lib/php/7.2/, /usr/lib/php/20170718/, /usr/share/php/7.2/, /etc/php/7.2/cli/, /etc/php/7.2/mods-available/
    includesections = php_common
    root#admin 13:36:42 ~ #
    
     
  2. nhybgtvfr

    nhybgtvfr Active Member

    could be. is it trying to connect to a local mysql server?
    the obvious issue that springs to mind is the mysql server connection is using a unix socket, and the socket isn't included in the jail.
    it can be, but that can lead to other problems/complications.
    if you've got the server host for the database connection set as 'localhost' you can try changing it to '127.0.0.1' so it connects to the tcp socket instead.
     

Share This Page