{"id":356,"date":"2021-07-23T12:28:23","date_gmt":"2021-07-23T12:28:23","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/how-to-troubleshoot-jailshell-problems-on-a-virtuozzo-or-openvz-vps\/"},"modified":"2021-07-23T12:28:23","modified_gmt":"2021-07-23T12:28:23","slug":"how-to-troubleshoot-jailshell-problems-on-a-virtuozzo-or-openvz-vps","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/how-to-troubleshoot-jailshell-problems-on-a-virtuozzo-or-openvz-vps\/","title":{"rendered":"How to Troubleshoot Jailshell Problems on a Virtuozzo or OpenVZ VPS"},"content":{"rendered":"<\/p>\n
\n
<\/div>\n
\n

Overview<\/h2>\n

This document explains common problems that occur on systems that use a jailed shell environment on a Virtuozzo or OpenVZ virtual private server (VPS).<\/p>\n

User and mount limits<\/h2>\n

CentOS 6 and older support a maximum of only<\/strong> 256 jailshell users on a system that uses the Apache mod_ruid2 module. If you encounter this limit, you should consider an upgrade to a newer operating system.<\/p>\n

Some customers have reported performance and connection issues when they attempt to mount more than 4000 targets in a Virtuozzo environment. If you encounter this limit and still require a large number of jailshelled users, you should consider a different virtualization platform.<\/p>\n

Full \/proc mount for jailed shell users<\/h2>\n

Users on a server may have a full, rather than limited, \/proc<\/code> mount, even though you select a limited \/proc<\/code> option for the Jailed \/proc<\/code> mount method in the System section of WHM\u2019s Tweak Settings<\/em> interface (WHM >> Home >> Server Configuration >> Tweak Settings<\/em>). This issue allows jailed shell users to view the complete process list on the server.<\/p>\n

To verify whether this problem exists on your server, perform the following steps:<\/p>\n

    \n
  1. SSH in to the server as a jailed shell user.<\/li>\n
  2. Run the ps axu<\/code> command.<\/li>\n<\/ol>\n

    If the command returns the complete process list for the server, the user has a full \/proc<\/code> mount.<\/p>\n

    This problem occurs because the clone()<\/code> system call did not accept the CLONE_NEWPID<\/code> flag. You must<\/strong> set the sys_admin<\/code> capability to on for the clone()<\/code> system call to handle this flag correctly.<\/p>\n

    \n
    Warning:<\/div>\n
    \n Parallels support does not<\/strong> recommend that you set the sys_admin<\/code> capability to on on production servers. This setting may result in stability issues, but namespace management requires<\/strong> it. Namespace management in containers can lead to crashed nodes. Therefore, the related functionality is restricted in the kernel to improve stability. cPanel, L.L.C. is not responsible<\/strong> for problems that result from this workaround.\n <\/div>\n<\/div>\n

    To set the sys_admin<\/code> capability to on, run the following command: <\/p>\n

    \n
    vzctl set CTID --<\/span>save --<\/span>capability sys_admin:on<\/code><\/pre>\n<\/div>\n
    Unable to set uids error<\/h2>\n
    The system may return the following error when users attempt to access the jailed shell environment: <\/p>\n
    \n
    Unable to set uids<\/code><\/pre>\n<\/div>\n
    This problem generally occurs due to a conflict with custom hard nproc<\/code> settings in the \/etc\/security\/limits.conf<\/code> file. Custom values for these settings may also cause problems with account creation.<\/p>\n
    To resolve this issue, revert the hard nproc<\/code> settings to their default values.<\/p>\n
    MySQL\u00ae connection errors<\/h2>\n
    Sites may return MySQL connection errors when you enable the _Jail Apache Virtual Hosts using modruid2 and cPanel\u00ae jailshell<\/em> setting in WHM\u2019s Tweak Settings<\/em> interface (WHM >> Home >> Server Configuration >> Tweak Settings<\/em>).<\/p>\n
    This problem generally occurs due to a restriction of the loop device limit within OpenVZ.<\/p>\n
    To resolve this issue, perform the following steps to increase the loop device limit:<\/p>\n
      \n
    1. In the \/etc\/grub.conf<\/code> file, add max_loop=256<\/code> as a kernel parameter.<\/li>\n
    2. Reboot the server.<\/li>\n
    3. \n
      Run the following command: <\/p>\n
      \n
      \/sbin\/<\/span>MAKEDEV -<\/span>v \/dev\/<\/span>loop<\/code><\/pre>\n<\/div>\n<\/li>\n
    4. \n
      Repeat these steps for the VPS node and VPS container.<\/p>\n<\/li>\n<\/ol><\/div>\n","protected":false},"excerpt":{"rendered":"
      Overview This document explains common problems that occur on systems that use a jailed shell environment on a Virtuozzo or OpenVZ virtual private server (VPS). User and mount limits CentOS 6 and older support a maximum of only 256 jailshell users on a system that uses the Apache mod_ruid2 module. If you encounter this limit, …<\/p>\n","protected":false},"author":1,"featured_media":357,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/356"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=356"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/356\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/357"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}