Richard G
Verified User
Now I'm totally confused. My users don't have SSH so they don't use commands in CLI, or maybe via php file but the docs and describtion makes it too confusing for me now.
What does the "jailed home" option do exactly?
- Thread starter Richard G
- Start date
zEitEr
Super Moderator
Think of it as living in a separate house instead of a condominium 
Why not use php-fpm's chroot directive for this? That's already built into php-fpm.
You have bubblewrap already.
You'd just have to build a chroot'd directory environment for every user and then set each user's php-fpm pool to their respective chroot'd directory.
I haven't had a chance to test any of this, but I'd think the memory requirements would be a lot less.
You have bubblewrap already.
You'd just have to build a chroot'd directory environment for every user and then set each user's php-fpm pool to their respective chroot'd directory.
I haven't had a chance to test any of this, but I'd think the memory requirements would be a lot less.
zEitEr
Super Moderator
+ it is not as nice as separate php-fpm master processes with complete isolation using namespaces, and dedicated process management inside their own cgroups
I didn't use the jail function yet.
However, I think you could use the jail function if your users are able to use cronjobs.
Our clients can't use cronjobs either. I configure cronjobs if they ever need it using wget via a seperate account.
I would like to add, if I am correct, see the jail function as a binary that runs before bash (or the shell).
It starts when the user log's in (via ssh, cronjobs).
It does not have any effect on PHP-fpm.
Kind regards
Dries