Here, we are trying to explain the most common issues that are encountered on systems, which use a jailed shell environment on a Virtuozzo or OpenVZ VPS (Virtual Private Server).
A VPS is a Virtual Private Server. In the context of web hosting, it is used as a web server to store/host the files of various websites. Web servers are a key component of the service of web hosting, which is meant to render websites accessible over the Internet. A web server stores the files of websites, ensures their availability at all times, and delivers those files over the Internet to clients (browsers and mobile applications) when requests are received by the servers from these clients for the content of websites. In a nutshell, a web server, including a VPS, accepts and fulfils clients’ requests, in the form of http (Hypertext Transfer Protocol) messages by delivering stored web content. In this way, web servers that are made available through web hosting, ensure that websites are always up and running and easily accessible over the Internet.
When it comes to web hosting, this professional service
is provided through different hosting plans by web hosting companies that have
the technical expertise to provide high uptime along with all the other
essential features that ensure seamless accessibility of websites. Web hosting
has many types. These are dedicated, reseller, shared, cloud, WordPress, and
VPS. VPS refers to the servers that are used for hosting websites. Website
owners are always looking for the best quality of service at the most
affordable prices, and hence, they opt for reputable web hosting service
providers, such as HTS Hosting, which is frequently referred to as the “Best Website
Hosting Company” and as the “Top Cloud
Hosting Company” globally.
Let us explore VPS in greater detail, before touching
upon the process to Troubleshoot
Jailshell Problems on a Virtuozzo or OpenVZ VPS.
Virtual
Private Servers
As mentioned previously, a Virtual Private Server (VPS)
is a type of a web server. These servers can be availed through various hosting
plans of any reliable web hosting company, and are made available in the form
of either a managed service or an unmanaged service.
Virtualization technology is used by a VPS. It runs its
copy of an OS (Operating System). A VPS provides dedicated resources individually
to each of the numerous users hosted in a shared server environment. In it, the
environment of a dedicated server is virtually mimicked within a host/parent
server (shared server). This enables multiple clients to utilise the isolated
instances of the same parent server. A Virtual Private Server is software-defined.
Hence, it can be created and configured easily as well as quickly. Even when
multiple virtual servers exist in a shared environment in a VPS, these remain
separate from each other, owing to a virtual layer that is present atop the
operating system. The software, Hypervisor, enables the segmentation of these
virtual servers. Hence, each virtual server that exists in this shared
environment in a VPS, gets its own operating system and software.
Now that you understand what a VPS is essentially, let us
proceed to our main topic. In that context, let us first talk about user and
mount limits.
User and
mount limits
A maximum of 256 jailshell users are supported on a
system, which uses the Apache mod_ruid2 module; by CentOS 6 and older versions.
If this limit is encountered, then there is a need to consider an upgrade to a
newer OS. Performance as well as connection issues have been reported with
regard to attempts that have been made to mount more than 4000 targets in a
Virtuozzo environment. When this limit is encountered, and one still requires a
large number of Jailshelled users, one needs to consider a different
virtualization platform.
Full /proc
mount for jailed shell users
The users on a server might have a full /proc mount,
rather than limited, despite you selecting a limited /proc option for the
Jailed /proc mount method in WHM ‘s Tweak Settings interface’s System section. WHM
>> Home >> Server >> Configuration >> Tweak Settings.
Due to this issue, jailed shell users are able to view the complete process
list on the server.
If you need to verify whether this issue exists on your
server, you should carry out the following steps-
- SSH in to the server. This needs to be done as a jailed shell user.
- Run the ps axu command.
If this command returns the entire process list for the
server, then the user has a full /proc mount.
So, why does this problem occur? The reason for this
issue is that the clone() system call didn’t accept the CLONE_NEWPID flag. The sys_admin
capability needs to be set to on, for the clone() system call to handle this
flag correctly. The below-mentioned command needs to be run, for setting the sys_admin
capability to on.
vzctl set CTID --save --capability
sys_admin:on
Unable to set uids error
The system might return an error when users try to access
the jailed shell environment. This error is as follows:
Unable to set uids
What causes this problem is usually a conflict with
custom hard nproc settings in the
/etc/security/limits.conf file. These settings’ custom values might also
create issues in account creation. You need to revert the hard nproc settings to their
default values, in order to resolve this issue.
MySQL
connection errors
Sites can return MySQL connection errors when one enables
the Jail Apache Virtual Hosts with the aid of mod_ruid2 and cPanel Jailshell setting
in the Tweak Settings interface in WHM. WHM >> Home >> Server
Configuration >> Tweak Settings.
The cause of this problem is usually a restriction of the
loop device limit within OpenVZ. Hence, you need to carry out the
below-mentioned steps, in order to increase the loop device limit.
- Add max_loop=256 as a kernel parameter, in the /etc/grub.conf file.
- Reboot the server.
- Now the following command needs to be run:
/sbin/MAKEDEV -v /dev/loop
- Next, these steps need to be repeated for the VPS container, and for the VPS node.
No comments:
Post a Comment