Here, we are trying to explain the most common issues that are encountered on systems, which use a jailed shell environment on a Virtuozzo or OpenVZ VPS (Virtual Private Server).
A VPS is a Virtual Private Server. In the context of web hosting, it is used as a web server to store/host the files of various websites. Web servers are a key component of the service of web hosting, which is meant to render websites accessible over the Internet. A web server stores the files of websites, ensures their availability at all times, and delivers those files over the Internet to clients (browsers and mobile applications) when requests are received by the servers from these clients for the content of websites. In a nutshell, a web server, including a VPS, accepts and fulfils clients’ requests, in the form of http (Hypertext Transfer Protocol) messages by delivering stored web content. In this way, web servers that are made available through web hosting, ensure that websites are always up and running and easily accessible over the Internet.
When it comes to web hosting, this professional service is provided through different hosting plans by web hosting companies that have the technical expertise to provide high uptime along with all the other essential features that ensure seamless accessibility of websites.
Web hosting has many types. These are dedicated, reseller, shared, cloud, WordPress, and VPS. VPS refers to the servers that are used for hosting websites. Website owners are always looking for the best quality of service at the most affordable prices, and hence, they opt for reputable web hosting service providers, such as HTS Hosting, which is frequently referred to as the “Best Website Hosting Company” and as the “Top Cloud Hosting Company” globally.
Let us explore VPS in greater detail, before touching upon the process to Troubleshoot Jailshell Problems on a Virtuozzo or OpenVZ VPS.
Virtual Private Servers
As mentioned previously, a Virtual Private Server (VPS) is a type of a web server. These servers can be availed through various hosting plans of any reliable web hosting company, and are made available in the form of either a managed service or an unmanaged service.
Virtualization technology is used by a VPS. It runs its copy of an OS (Operating System). A VPS provides dedicated resources individually to each of the numerous users hosted in a shared server environment. In it, the environment of a dedicated server is virtually mimicked within a host/parent server (shared server). This enables multiple clients to utilise the isolated instances of the same parent server. A Virtual Private Server is software-defined. Hence, it can be created and configured easily as well as quickly. Even when multiple virtual servers exist in a shared environment in a VPS, these remain separate from each other, owing to a virtual layer that is present atop the operating system. The software, Hypervisor, enables the segmentation of these virtual servers. Hence, each virtual server that exists in this shared environment in a VPS, gets its own operating system and software.
Now that you understand what a VPS is essentially, let us proceed to our main topic. In that context, let us first talk about user and mount limits.
User and mount limits
A maximum of 256 jailshell users are supported on a system, which uses the Apache mod_ruid2 module; by CentOS 6 and older versions. If this limit is encountered, then there is a need to consider an upgrade to a newer OS. Performance as well as connection issues have been reported with regard to attempts that have been made to mount more than 4000 targets in a Virtuozzo environment. When this limit is encountered, and one still requires a large number of Jailshelled users, one needs to consider a different virtualization platform.
Full /proc mount for jailed shell users
The users on a server might have a full /proc mount, rather than limited, despite you selecting a limited /proc option for the Jailed /proc mount method in WHM ‘s Tweak Settings interface’s System section. WHM >> Home >> Server >> Configuration >> Tweak Settings. Due to this issue, jailed shell users are able to view the complete process list on the server.
If you need to verify whether this issue exists on your server, you should carry out the following steps-
SSH in to the server. This needs to be done as a jailed shell user.
Run the ps axu command.
If this command returns the entire process list for the server, then the user has a full /proc mount.
So, why does this problem occur? The reason for this issue is that the clone() system call didn’t accept the CLONE_NEWPID flag. The sys_admin capability needs to be set to on, for the clone() system call to handle this flag correctly. The below-mentioned command needs to be run, for setting the sys_admin capability to on.
vzctl set CTID --save --capability sys_admin:on
Unable to set uids error
The system might return an error when users try to access the jailed shell environment. This error is as follows:
Unable to set uids
What causes this problem is usually a conflict with custom hard nproc settings in the
/etc/security/limits.conf file. These settings’ custom values might also create issues in account creation. You need to revert the hard nproc settings to their default values, in order to resolve this issue.
MySQL connection errors
Sites can return MySQL connection errors when one enables the Jail Apache Virtual Hosts with the aid of mod_ruid2 and cPanel Jailshell setting in the Tweak Settings interface in WHM. WHM >> Home >> Server Configuration >> Tweak Settings.
The cause of this problem is usually a restriction of the loop device limit within OpenVZ. Hence, you need to carry out the below-mentioned steps, in order to increase the loop device limit.
Add max_loop=256 as a kernel parameter, in the /etc/grub.conf file.
Reboot the server.
Now the following command needs to be run:
/sbin/MAKEDEV -v /dev/loop
Next, these steps need to be repeated for the VPS container, and for the VPS node.
Comments