The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

some cPanel update added jailshell to my crontabs

Discussion in 'General Discussion' started by internetbug256, Jun 27, 2017.

Tags:
  1. internetbug256

    Joined:
    Jul 11, 2012
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hi there.
    This morning some crontab processes stopped working as expected.
    After checking the basics, I surprisingly found that my crontab for user accounts was touched!
    So above every uncommented line, I found this:

    SHELL="/usr/local/cpanel/bin/jailshell"

    So cPanel somehow "touched" my crontabs and decided that running on a full shell was unsafe??!!

    Anyone knows how to make this TO NOT happen again? I mean, I don't want cPanel to touch my customized crontabs ever.

    Thanks in advance
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. internetbug256

    Joined:
    Jul 11, 2012
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Well, this never happened before, and it has happened exactly with the last night cpanel update. I mean, that cpanel has added this extra sentences and actually modified my crontab for accounts.

    This never happened before. Why?

    Let me explain a little further what I am doing. I have a sort of engine that process files (and runs on one user account) that are used by other two user accounts. So the shared directory is actually shared by other two accounts.
    Engine need R/W access to the directory, owned by one account, while the other account only has read access.

    I miraculously managed to have this working for years, in spite of the cPanel effort to "jail" me (you can check my previous post symbolic links between cPanel accounts).

    Unfortunately, cPanel keeps trying to think that the world of hosting can be managed in isolated jails without exceptions. That's not the case in the real world. Many times we developers need to create services to be shared by several accounts. In my case, this server runs accounts for a single company, so no worries about having symlinks between them.

    Jail shell is something that is NOT in use on this dedicated server. SSH is used by a single user, root. Jailshell is actually disabled on ALL user accounts. How comes then that my user crontab is "jailed"?

    Thanks for you time and patience.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you verify which version of cPanel is installed on your system, and which version it was updated from? Cron Jobs have ran from the jailed environment since cPanel 11.38, unless the account is assigned full shell access.

    Thank you.
     
  5. internetbug256

    Joined:
    Jul 11, 2012
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    • CENTOS 7.3 x86_64 lxc – host
    • cPanel & WHM 64.0 (build 29)
    I have all set to automated updates to release version.

    My cronjobs run 24x7, so believe me that they have run "unjailed" until this very morning.

    Question: if I set from WHM one user from "Disabled Shell" to "Jailed shell", does that instantly adds these sentences to crontab?
     
    #5 internetbug256, Jun 27, 2017
    Last edited by a moderator: Jun 27, 2017
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    If you switch the account to "Normal Shell" via "WHM >> Manage Shell Access", then the following line is added to the account's /var/spool/cron/$username file:

    Code:
    SHELL="/bin/bash"
    Switching the account to "Disabled" or "Jailed Shell" will lead to the following entry in the account's /var/spool/cron/$username file:

    Code:
    SHELL="/usr/local/cpanel/bin/jailshell"
    This is the intended behavior. Feel free to open a support ticket using the link in my signature so we can take a closer look and see what may have happened on system.

    Thank you.
     
  7. internetbug256

    Joined:
    Jul 11, 2012
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Thank you. That confirms why I found that line. It must have been me playing with shell options, trying to solve my other problem.
    I won't touch that anymore!
     
    cPanelMichael likes this.
  8. ladydi711

    ladydi711 Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    127
    Likes Received:
    3
    Trophy Points:
    318
    I noticed this today as well; my un-jailed users that have custom cron files have the "SHELL="/bin/bash" line inserted before every entry. I have not yet determined if this is causing me any issue, but editing the cron file is quite cumbersome now with all the extra lines in what was once a nicely commented/formatted cron file.

    Is there a proper cPanel preferred method for creating/maintaining the cron file now?

    If new tasks are created via command prompt editor, will the SHELL line get added in?

    Thanks in Advance!
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You'd generally setup the cron jobs for the account using the "Cron Jobs" option in cPanel. If you decide to setup the crontab file via the command line, you'd create the file at:

    Code:
    /var/spool/cron/$username
    The file should have "root" ownership, and the permissions are 0600. The "SHELL=" line should appear above each specific cron job. If the account uses jailed shell, or has no shell access, you'd use this line:

    Code:
    SHELL="/usr/local/cpanel/bin/jailshell"
    If the account is assigned normal shell access, you'd use this line before each cron job:

    Code:
    SHELL="/bin/bash"
    EX:

    Code:
    # cat /var/spool/cron/$user
    SHELL="/usr/local/cpanel/bin/jailshell"
    0 0 * * * php -v
    
    SHELL="/usr/local/cpanel/bin/jailshell"
    0 * * * * php -m
    Thank you.
     
    ladydi711 likes this.
Loading...

Share This Page