Executing daemons via crontab in jailshell cause problems

dev_ll

Member
Mar 23, 2008
9
0
51
Hello,

If user tries to execute long-term process (daemon for example) using jailshell'ed crontab - it launches, but user can't check or kill process because it is not visible to user.

For example, following loop.sh daemon is not visible to user after execution:

Code:
#!/bin/sh

while true; do
    sleep 60
done
As root, we can see three processes:

ps ax | grep loop.sh

22313 ? Ss 0:00 jailshell (user) [22320] ll -c /home/user/loop.sh
22320 ? S 0:00 jailshell (user) [init] ell -c /home/user/loop.sh
22321 ? S 0:00 /bin/sh /home/user/loop.sh

As user:

ps ax

1 ? S 0:00 -jailshell
40 ? R+ 0:00 ps ax


Therefore, If user runs daemons like ircd or icecast, it is not possible to use scripts which monitors failed daemon or kills hanged one.
Thank you in advance!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

Does assigning normal shell access to the account allow the cron job to function as expected?

Thank you.
 

dev_ll

Member
Mar 23, 2008
9
0
51
Hi Michael!

Yes it does. For that reason we can't switch account from normal shell to jailed. :(

Thank you!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Jailshell is a restricted environment by design. It's likely that full shell access is required for the account to run the specific type of application used by that account.

Thank you.
 

dev_ll

Member
Mar 23, 2008
9
0
51
Michael, maybe you are right.

But, I think a process executed by a specific user context cron job should be accessible for the user. Moreover, the applications which we would like to run in jailed shell are very simple, they are no required to access resources beyond the home directory. And even simplest loop.sh (1st message) executed by cron job can't be accessed by user (check, kill ...).

If jailshell will support the described tasks, the overal system security will be higher, as there will not be requirements to enable normal shell.

Thank you!
 

dev_ll

Member
Mar 23, 2008
9
0
51
If the problem could not be solved by changing software configuration, what steps should I take to solve it in the nearly future? (support ticket, feature request). The support subscription is active.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
The following document might be of help if it was a file the account needed to access under a jailed shell environment:

How to Add Directories to Jailed Shell (VirtFS)

However, this seems different than what you are describing. Feel free to open a support ticket so we can take a closer look and determine if the behavior you are reporting is by design. Post the ticket number here and we can update this thread with the outcome.

Thank you.
 

dev_ll

Member
Mar 23, 2008
9
0
51
Hello,

As it turns out the problem is due to Linux kernel limitations. Thanks for assistance!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
I am happy to see you were able to determine the reason for the issue. Thank you for updating us with the outcome.