What does the "jailed home" option do exactly?

Now I'm totally confused. My users don't have SSH so they don't use commands in CLI, or maybe via php file but the docs and describtion makes it too confusing for me now.
 
Why not use php-fpm's chroot directive for this? That's already built into php-fpm.

You have bubblewrap already.

You'd just have to build a chroot'd directory environment for every user and then set each user's php-fpm pool to their respective chroot'd directory.

I haven't had a chance to test any of this, but I'd think the memory requirements would be a lot less.
 
sparek said:
Why not use php-fpm's chroot directive for this? That's already built into php-fpm.

You have bubblewrap already.

You'd just have to build a chroot'd directory environment for every user and then set each user's php-fpm pool to their respective chroot'd directory.

I haven't had a chance to test any of this, but I'd think the memory requirements would be a lot less.
Click to expand...

PHP :: Bug #55322 :: Apache : TRANSLATED_PATH doesn't consider chroot

bugs.php.net bugs.php.net

PHP :: Bug #62279 :: PHP-FPM chroot never-solved problems (extends #55322)

bugs.php.net bugs.php.net

+ it is not as nice as separate php-fpm master processes with complete isolation using namespaces, and dedicated process management inside their own cgroups :)
 
Richard G said:
Now I'm totally confused. My users don't have SSH so they don't use commands in CLI, or maybe via php file but the docs and describtion makes it too confusing for me now.
Click to expand...

I didn't use the jail function yet.
However, I think you could use the jail function if your users are able to use cronjobs.
Our clients can't use cronjobs either. I configure cronjobs if they ever need it using wget via a seperate account.

I would like to add, if I am correct, see the jail function as a binary that runs before bash (or the shell).
It starts when the user log's in (via ssh, cronjobs).
It does not have any effect on PHP-fpm.

Kind regards
Dries
 
smtalk said:

PHP :: Bug #55322 :: Apache : TRANSLATED_PATH doesn't consider chroot

bugs.php.net bugs.php.net

PHP :: Bug #62279 :: PHP-FPM chroot never-solved problems (extends #55322)

bugs.php.net bugs.php.net

+ it is not as nice as separate php-fpm master processes with complete isolation using namespaces, and dedicated process management inside their own cgroups :)
Click to expand...
I just worry that every user having their own systemd php-fpm configuration is an over complication of the setup. And the more complex something is, move one rock and the whole building falls down.

But as long as you aren't forcing this on people, I guess there's no harm or foul.
 
You must log in or register to reply here.
Back
Top