Updated PHP Shell/Jailkit code

Author: ms217

install/tpl/jk_init_el.ini.master

@@ -1,7 +1,7 @@
 # jk_init.ini:  jailkit initialization config
 
 # Includes paths to handle Enterprise Linux systems like RHEL and its derivatives AlmaLinux, Rocky Linux et cetera
-# if other paths are needed please create an issue with the details or a merge request at:
+# if other paths are needed please create an issue with the details or even a merge request at:
 # https://git.ispconfig.org/ispconfig/ispconfig3
 
 [uidbasics]
@@ -202,67 +202,67 @@ includesections = env, logbasics, netbasics, mysqlutils, webutils, imagemagick
 
 [php5_4]
 comment = PHP 5.4
-paths = /opt/remi/php54/root/bin/php, /opt/remi/php54/root/bin/phar, /opt/remi/php54/root/usr/lib64/, /opt/remi/php54/root/usr/share/
+paths = /opt/remi/php54/root/bin/php, /usr/bin/php54, /opt/remi/php54/root/bin/phar, /opt/remi/php54/root/usr/lib64/, /opt/remi/php54/root/usr/share/
 includesections = php_common
 
 [php5_5]
 comment = PHP 5.5
-paths = /opt/remi/php55/root/bin/php, /opt/remi/php55/root/bin/phar, /opt/remi/php55/root/usr/lib64/, /opt/remi/php55/root/usr/share/
+paths = /opt/remi/php55/root/bin/php, /usr/bin/php55, /opt/remi/php55/root/bin/phar, /opt/remi/php55/root/usr/lib64/, /opt/remi/php55/root/usr/share/
 includesections = php_common
 
 [php5_6]
 comment = PHP 5.6
-paths = /opt/remi/php56/root/bin/php, /opt/remi/php56/root/bin/phar, /opt/remi/php56/root/usr/lib64/, /opt/remi/php56/root/usr/share/
+paths = /opt/remi/php56/root/bin/php, /usr/bin/php56, /opt/remi/php56/root/bin/phar, /opt/remi/php56/root/usr/lib64/, /opt/remi/php56/root/usr/share/
 includesections = php_common
 
 [php7_0]
 comment = PHP 7.0
-paths = /opt/remi/php70/root/bin/php, /opt/remi/php70/root/bin/phar, /opt/remi/php70/root/usr/lib64/, /opt/remi/php70/root/usr/share/
+paths = /opt/remi/php70/root/bin/php, /usr/bin/php70, /opt/remi/php70/root/bin/phar, /opt/remi/php70/root/usr/lib64/, /opt/remi/php70/root/usr/share/
 includesections = php_common
 
 [php7_1]
 comment = PHP 7.1
-paths = /opt/remi/php71/root/bin/php, /opt/remi/php71/root/bin/phar, /opt/remi/php71/root/usr/lib64/, /opt/remi/php71/root/usr/share/
+paths = /opt/remi/php71/root/bin/php, /usr/bin/php71, /opt/remi/php71/root/bin/phar, /opt/remi/php71/root/usr/lib64/, /opt/remi/php71/root/usr/share/
 includesections = php_common
 
 [php7_2]
 comment = PHP 7.2
-paths = /opt/remi/php72/root/bin/php, /opt/remi/php72/root/bin/phar, /opt/remi/php72/root/usr/lib64/, /opt/remi/php72/root/usr/share/
+paths = /opt/remi/php72/root/bin/php, /usr/bin/php72, /opt/remi/php72/root/bin/phar, /opt/remi/php72/root/usr/lib64/, /opt/remi/php72/root/usr/share/
 includesections = php_common
 
 [php7_3]
 comment = PHP 7.3
-paths = /opt/remi/php73/root/bin/php, /opt/remi/php73/root/bin/phar, /opt/remi/php73/root/usr/lib64/, /opt/remi/php73/root/usr/share/
+paths = /opt/remi/php73/root/bin/php, /usr/bin/php73, /opt/remi/php73/root/bin/phar, /opt/remi/php73/root/usr/lib64/, /opt/remi/php73/root/usr/share/
 includesections = php_common
 
 [php7_4]
 comment = PHP 7.4
-paths = /opt/remi/php74/root/bin/php, /opt/remi/php74/root/bin/phar, /opt/remi/php74/root/usr/lib64/, /opt/remi/php74/root/usr/share/
+paths = /opt/remi/php74/root/bin/php, /usr/bin/php74, /opt/remi/php74/root/bin/phar, /opt/remi/php74/root/usr/lib64/, /opt/remi/php74/root/usr/share/
 includesections = php_common
 
 [php8_0]
 comment = PHP 8.0
-paths = /opt/remi/php80/root/bin/php, /opt/remi/php80/root/bin/phar, /opt/remi/php80/root/usr/lib64/, /opt/remi/php80/root/usr/share/
+paths = /opt/remi/php80/root/bin/php, /usr/bin/php80, /opt/remi/php80/root/bin/phar, /opt/remi/php80/root/usr/lib64/, /opt/remi/php80/root/usr/share/
 includesections = php_common
 
 [php8_1]
 comment = PHP 8.1
-paths = /opt/remi/php81/root/bin/php, /opt/remi/php81/root/bin/phar, /opt/remi/php81/root/usr/lib64/, /opt/remi/php81/root/usr/share/
+paths = /opt/remi/php81/root/bin/php, /usr/bin/php81, /opt/remi/php81/root/bin/phar, /opt/remi/php81/root/usr/lib64/, /opt/remi/php81/root/usr/share/
 includesections = php_common
 
 [php8_2]
 comment = PHP 8.2
-paths = /opt/remi/php82/root/bin/php, /opt/remi/php82/root/bin/phar, /opt/remi/php82/root/usr/lib64/, /opt/remi/php82/root/usr/share/
+paths = /opt/remi/php82/root/bin/php, /usr/bin/php82, /opt/remi/php82/root/bin/phar, /opt/remi/php82/root/usr/lib64/, /opt/remi/php82/root/usr/share/
 includesections = php_common
 
 [php8_3]
 comment = PHP 8.3
-paths = /opt/remi/php83/root/bin/php, /opt/remi/php83/root/bin/phar, /opt/remi/php83/root/usr/lib64/, /opt/remi/php83/root/usr/share/
+paths = /opt/remi/php83/root/bin/php, /usr/bin/php83, /opt/remi/php83/root/bin/phar, /opt/remi/php83/root/usr/lib64/, /opt/remi/php83/root/usr/share/
 includesections = php_common
 
 [php8_4]
 comment = PHP 8.4
-paths = /opt/remi/php84/root/bin/php, /opt/remi/php84/root/bin/phar, /opt/remi/php84/root/usr/lib64/, /opt/remi/php84/root/usr/share/
+paths = /opt/remi/php84/root/bin/php, /usr/bin/php84, /opt/remi/php84/root/bin/phar, /opt/remi/php84/root/usr/lib64/, /opt/remi/php84/root/usr/share/
 includesections = php_common
 
 [imagemagick]

server/conf/bashrc_user_deb.master

@@ -92,12 +92,10 @@ fi
 #alias la='ls -A'
 #alias l='ls -CF'
 
-<tmpl_if name='jailkit_chroot' op='==' value='n'>
 <tmpl_if name='use_php_path'>
 # Overwrite the PHP cli binaries by using $PATH:
 export PATH=<tmpl_var name='php_bin_dir'>:$PATH
 </tmpl_if>
-</tmpl_if>
 
 # Alias definitions.
 # You may want to put all your additions into a separate file like

server/conf/bashrc_user_generic.master

@@ -23,8 +23,8 @@ if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]
 then
     PATH="$HOME/.local/bin:$HOME/bin:$PATH"
 fi
-export PATH
 
+export PATH
 
 # Source custom bashrc files
 if [ -d ~/.bashrc.d ]

server/conf/bashrc_user_redhat.master

@@ -34,10 +34,8 @@ if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]
 then
     PATH="$HOME/.local/bin:$HOME/bin:$PATH"
 fi
-export PATH
 
-# Uncomment the following line if you don't like systemctl's auto-paging feature:
-# export SYSTEMD_PAGER=
+export PATH
 
 # Source custom bashrc files
 if [ -d ~/.bashrc.d ]

server/lib/classes/cron.d/600-jailkit_maintenance.inc.php

@@ -88,10 +88,15 @@ public function onRunJob() {
 			}
 
 			$shelluser_list = $app->db->queryAllRecords("SELECT * FROM shell_user WHERE parent_domain_id = ? and chroot = 'jailkit' and active = 'y'", $rec['domain_id']);
-			$cronjob_list = $app->db->queryAllRecords("SELECT * FROM cron WHERE parent_domain_id = ? and type = 'chrooted' and active = 'y'", $rec['domain_id']);
 
-			if(is_array($cronjob_list) && !empty($cronjob_list) || is_array($shelluser_list) && !empty($shelluser_list)) {
+			if(is_array($shelluser_list) && !empty($shelluser_list)) {
 				$options['jk_php_maintenance_check'] = "yes";
+				$options['homedir_usernames'] = array();
+
+				foreach($shelluser_list as $shelluser) {
+					$options['homedir_usernames'][] = $shelluser['username'];
+				}
+
 			} else {
 				$options['jk_php_maintenance_check'] = "no";
 

server/lib/classes/system.inc.php

@@ -2555,7 +2555,7 @@ public function create_jailkit_chroot($home_dir, $app_sections = array(), $optio
 		} elseif(is_string($app_sections)) {
 			$app_sections = preg_split('/[\s,]+/', $app_sections);
 		}
-		if(! is_array($options)) {
+		if(!is_array($options)) {
 			$options = (is_string($options) ? preg_split('/[\s,]+/', $options) : array());
 		}
 
@@ -2588,8 +2588,15 @@ public function create_jailkit_chroot($home_dir, $app_sections = array(), $optio
 
 		// Initialize the chroot into the specified directory with the specified applications
 		$cmd = 'jk_init' . $program_args;
+		$app->log("Executing command: $cmd", LOGLEVEL_DEBUG);
 		$this->exec_safe($cmd, $home_dir);
 
+		// Check for errors in the command execution
+		if ($this->last_exec_retcode() != 0) {
+			$app->log("Error executing jk_init command: " . implode("\n", $this->last_exec_out()), LOGLEVEL_ERROR);
+			return false;
+		}
+
 		// Create the tmp and /var/run directories
 		if(!is_dir($home_dir . '/tmp')) {
 			$this->mkdirpath($home_dir . '/tmp', 0770);
@@ -2694,6 +2701,8 @@ public function update_jailkit_chroot($home_dir, $sections = array(), $programs
 		global $app;
 
 		$app->log("update_jailkit_chroot called for $home_dir with options ".print_r($options, true), LOGLEVEL_DEBUG);
+		$app->log("update_jailkit_chroot called for $home_dir with sections ".print_r($sections, true), LOGLEVEL_DEBUG);
+
 		$app->uses('ini_parser');
 
 		// Disallow operating on root directory
@@ -2738,7 +2747,7 @@ public function update_jailkit_chroot($home_dir, $sections = array(), $programs
 				$jk_cp_args .= ' -f';
 				break;
 			default:
-				if (preg_match('@^skip[ =]/?(.+)$@', $opt, $matches) ) {
+				if (is_string($opt) && preg_match('@^skip[ =]/?(.+)$@', $opt, $matches) ) {
 					if (in_array($matches[1], $jailkit_directories)) {
 						$app->log("update_jailkit_chroot: skipping update of jailkit directory $home_dir/".$matches[1]
 							. "; if this is in use as a web folder, it is insecure and should be fixed.", LOGLEVEL_WARN);
@@ -2877,37 +2886,48 @@ public function update_jailkit_chroot($home_dir, $sections = array(), $programs
 			$this->chmod($home_dir . '/var/tmp', 0770, true);
 		}
 
-		$os_type = $app->system->get_os_type();
-		if (isset($os_type['type'])) {
-			$used_os_type = $os_type['type'];
-		} else {
-			$used_os_type = 'unknown';
-		}
+		// If update_jailkit_chroot was called from cronjob 600-jailkit.inc.php, we need to check if the PHP cli binary is available in the jail
+		if(isset($options['jk_php_maintenance_check']) && $options['jk_php_maintenance_check'] == 'yes') {
+			$os_type = $app->system->get_os_type();
+			$used_os_type = isset($os_type['type']) ? $os_type['type'] : 'unknown';
+
+			if(is_array($options['homedir_usernames']) && !empty($options['homedir_usernames'])) {
+				foreach($options['homedir_usernames'] as $homedir_username) {
 
-		if($options['jk_php_maintenance_check'] == 'yes') {
-			$alternatives_php = $home_dir . '/etc/alternatives/php';
+					if($used_os_type == "debian" || $used_os_type == "ubuntu") {
+						$php_binary = $home_dir . '/etc/alternatives/php';
+					} elseif ($used_os_type == "redhat") {
+						$php_binary = $home_dir . '/home/' . $homedir_username . '/.local/bin/php';
+					} else {
+						$php_binary = $home_dir . '/home/' . $homedir_username . '/.local/bin/php';
+					}
 
-			if(!empty($options['php_cli_binary'])) {
-				$php_bin_dir = dirname($options['php_cli_binary']);
-				if(!file_exists($home_dir . '/' . $options['php_cli_binary'])) {
-					$app->log("update_jailkit_chroot: The PHP cli binary " . $options['php_cli_binary'] . " is not available in the jail of the web " . $options['domain'], LOGLEVEL_DEBUG);
+					if(!empty($options['php_cli_binary'])) {
+						$php_bin_dir = dirname($options['php_cli_binary']);
+						if(!file_exists($home_dir . '/' . $options['php_cli_binary'])) {
+							$app->log("update_jailkit_chroot: The PHP cli binary " . $options['php_cli_binary'] . " is not available in the jail of the web " . $options['domain'], LOGLEVEL_DEBUG);
 
-					$fallback_php = $app->system->get_newest_php_bin($home_dir . $php_bin_dir);
-					$fallback_php_bin = str_replace($home_dir, '', $fallback_php);
+							$fallback_php = $app->system->get_newest_php_bin($home_dir . $php_bin_dir);
+							$fallback_php_bin = str_replace($home_dir, '', $fallback_php);
 
-					if(!empty($fallback_php) && file_exists($fallback_php_bin)) {
-						if(is_link($alternatives_php) || is_file($alternatives_php) || !file_exists($alternatives_php)) {
-							unlink($alternatives_php);
-							symlink($fallback_php_bin, $alternatives_php);
-							$app->log("update_jailkit_chroot: Found " . $fallback_php_bin . " as a fallback for alternatives/php in the jail of " . $options['domain'], LOGLEVEL_DEBUG);
-						}
-					}
-				} else {
-					if($used_os_type == "debian" || $$used_os_type == "ubuntu") {
-						$app->log("update_jailkit_chroot: setting alternatives/php to " . $options['php_cli_binary'], LOGLEVEL_DEBUG);
-						if(is_link($alternatives_php) || is_file($alternatives_php) || !file_exists($alternatives_php)) {
-							unlink($alternatives_php);
-							symlink($options['php_cli_binary'], $alternatives_php);
+							if(!empty($fallback_php) && file_exists($fallback_php_bin)) {
+								if(is_link($php_binary) || is_file($php_binary) || !file_exists($php_binary)) {
+									unlink($php_binary);
+									symlink($fallback_php_bin, $php_binary);
+									$app->log("update_jailkit_chroot: Found " . $fallback_php_bin . " as a fallback for PHP in the jail of " . $options['domain'], LOGLEVEL_DEBUG);
+								}
+							}
+						} else {
+								$app->log("update_jailkit_chroot: setting PHP to " . $options['php_cli_binary'], LOGLEVEL_DEBUG);
+								if(is_link($php_binary) || is_file($php_binary) || !file_exists($php_binary)) {
+									unlink($php_binary);
+									symlink($options['php_cli_binary'], $php_binary);
+									if($used_os_type == "debian" || $$used_os_type == "ubuntu") {
+										if(file_exists($home_dir . '/home/' . $homedir_username . '/.local/bin/php')) {
+											unlink($home_dir . '/home/' . $homedir_username . '/.local/bin/php');
+										}
+									}
+								}
 						}
 					}
 				}
@@ -3096,8 +3116,7 @@ public function get_newest_php_bin($bin_directory) {
 			while(false !== ($entry = readdir($handle))) {
 			$full_path = $bin_directory . '/' . $entry;
 				// Check if the filename matches a pattern for commonly available PHP CLI binaries
-				// and ensure they are not symbolic links
-				if(preg_match('/^php(\d{1,2}\.?\d{1,2})?$/', $entry) && !is_link($full_path) && is_file($full_path)) {
+				if(preg_match('/^php(\d{1,2}\.?\d{1,2})?$/', $entry) && file_exists($full_path)) {
 					$php_binaries[] = $entry;
 				}
 			}

server/plugins-available/cron_jailkit_plugin.inc.php

@@ -83,6 +83,8 @@ function insert($event_name, $data) {
 			LEFT JOIN server_php ON web_domain.server_php_id = server_php.server_php_id
 		WHERE web_domain.domain_id = ?", $data["new"]["parent_domain_id"]);
 
+		$this->parent_domain = $parent_domain;
+
 		if(!$parent_domain["domain_id"]) {
 			$app->log("Parent domain not found", LOGLEVEL_WARN);
 			return 0;
@@ -135,7 +137,7 @@ function insert($event_name, $data) {
 
 				$this->_add_jailkit_user();
 
-				$this->_setup_php_jailkit();
+				//$this->_setup_php_jailkit();
 
 				$command .= 'usermod -U ? 2>/dev/null';
 				$app->system->exec_safe($command, $parent_domain["system_user"]);
@@ -168,6 +170,8 @@ function update($event_name, $data) {
 			LEFT JOIN server_php ON web_domain.server_php_id = server_php.server_php_id
 		WHERE web_domain.domain_id = ?", $data["new"]["parent_domain_id"]);
 
+		$this->parent_domain = $parent_domain;
+
 		if(!$parent_domain["domain_id"]) {
 			$app->log("Parent domain not found", LOGLEVEL_WARN);
 			return 0;
@@ -191,14 +195,14 @@ function update($event_name, $data) {
 				$app->uses("getconf");
 				$this->data = $data;
 				$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
-				foreach (array('jailkit_chroot_app_sections', 'jailkit_chroot_app_programs') as $section) {
+				foreach(array('jailkit_chroot_app_sections', 'jailkit_chroot_app_programs') as $section) {
 					// Replace and don't inherit the server's Jailkit config
-					if (isset($parent_domain[$section]) && $parent_domain[$section] != '' ) {
+					if(isset($parent_domain[$section]) && $parent_domain[$section] != '' ) {
 						$this->jailkit_config[$section] = $parent_domain[$section];
 					}
 					// Add selected PHP version to the jailkit chroot
-					if ($section == 'jailkit_chroot_app_sections') {
-						if (isset($parent_domain['php_jk_section']) && $parent_domain['php_jk_section'] != '' ) {
+					if($section == 'jailkit_chroot_app_sections') {
+						if(isset($parent_domain['php_jk_section']) && $parent_domain['php_jk_section'] != '' ) {
 							$this->jailkit_config['jailkit_chroot_app_sections'] = $this->jailkit_config['jailkit_chroot_app_sections'] . ' ' . $parent_domain['php_jk_section'];
 							$jk_temp_config = preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_app_sections']);
 
@@ -217,7 +221,7 @@ function update($event_name, $data) {
 
 				$this->_add_jailkit_user();
 
-				$this->_setup_php_jailkit();
+				//$this->_setup_php_jailkit();
 
 				$this->_update_website_security_level();