Bobcares

Jailshell Problems on a Virtuozzo or OpenVZ VPS

by | Mar 13, 2022

Wondering how to troubleshoot Jailshell Problems on a Virtuozzo or OpenVZ VPS? We can help you.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team help a customer  deal with this VPS query.

 

How to troubleshoot Jailshell Problems on a Virtuozzo or OpenVZ VPS?

Today, let us see the troubleshooting steps followed by our Support Techs

 

User and mount limits

CentOS 6 and older support a maximum of only 256 jailshell users on a system that uses the Apache mod_ruid2 module.

If you encounter this limit, you should consider an upgrade to a newer operating system.

Some customers have report performance and connection issues when they attempt to mount more than 4000 targets in a Virtuozzo environment.

If you encounter this limit and still require a large number of jailshelled users, you should consider a different virtualization platform.

 

Full /proc mount for jailed shell users

Users on a server may have a full, rather than limited, /proc mount, even though you select a limited /proc option for the Jailed /proc mount method in the System section of WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).

This issue allows jailed shell users to view the complete process list on the server.

To verify whether this problem exists on your server, perform the following steps:

1. Firstly, SSH in to the server as a jailed shell user.
2. Then, run the ps axu command.

If the command returns the complete process list for the server, the user has a full /proc mount.

This problem occurs because the clone() system call did not accept the CLONE_NEWPID flag.

You must set the sys_admin capability to on for the clone() system call to handle this flag correctly.

Warning:

Parallels support does not recommend that you set the sys_admin capability to on on production servers.

This setting may result in stability issues, but namespace management requires it.

Namespace management in containers can lead to crashed nodes.

Therefore, the related functionality is restricted in the kernel to improve stability.

cPanel, L.L.C. is not responsible for problems that result from this workaround.

To set the sys_admin capability to on, run the following command:

vzctl set CTID –save –capability sys_admin:on

 

Unable to set uids error

The system may return the following error when users attempt to access the jailed shell environment:

Unable to set uids

This problem generally occurs due to a conflict with custom hard nproc settings in the /etc/security/limits.conf file.

Custom values for these settings may also cause problems with account creation.

To resolve this issue, revert the hard nproc settings to their default values.

MySQL connection errors

Sites may return MySQL connection errors when you enable the _Jail Apache Virtual Hosts using modruid2 and cPanel® jailshell setting in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).

This problem generally occurs due to a restriction of the loop device limit within OpenVZ.

To resolve this issue, perform the following steps to increase the loop device limit:

1. In the /etc/grub.conf file, add max_loop=256 as a kernel parameter.
2. Then, reboot the server.
3. Finally, run the following command:

/sbin/MAKEDEV -v /dev/loop

Repeat these steps for the VPS node and VPS container.

 

[Need a solution to another query? We are just a click away.]

 

Conclusion

Today, we saw steps followed by our Support Engineers to troubleshoot Jailshell Problems on a Virtuozzo or OpenVZ VPS

 

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.