Jail-shell is a Linux security tool that mainly uses chroot and namespace technologies to limit users to specific commands and specific directories.
GNU General Public License v2.0
php artisan commands not working in almalinux 8 and centos 7,8 #20
I jailed a user. The user has php binaries. So the php command works. But when I execute php artisan commands like 'php artisan serve' or 'php artisan optimize:clear' from that user's terminal, I get a fatal error as shown below:
```
Fatal error: Uncaught ReflectionException: Class "config" does not exist in /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Container/Container.php:912
Stack trace:
#0 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Container/Container.php(912): ReflectionClass->__construct('config')
#1 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\Container\Container->build('config')
#2 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(933): Illuminate\Container\Container->resolve('config', Array, true)
#3 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\Foundation\Application->resolve('config', Array)
#4 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(918): Illuminate\Container\Container->make('config', Array)
#5 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Container/Container.php(1454): Illuminate\Foundation\Application->make('config')
#6 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Log/LogManager.php(544): Illuminate\Container\Container->offsetGet('config')
#7 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Log/LogManager.php(595): Illuminate\Log\LogManager->getDefaultDriver()
#8 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Log/LogManager.php(124): Illuminate\Log\LogManager->parseDriver(NULL)
#9 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Log/LogManager.php(665): Illuminate\Log\LogManager->driver()
#10 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(287): Illuminate\Log\LogManager->error('Call to undefin...', Array)
#11 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(250): Illuminate\Foundation\Exceptions\Handler->reportThrowable(Object(Error))
#12 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php(522): Illuminate\Foundation\Exceptions\Handler->report(Object(Error))
#13 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php(203): Illuminate\Foundation\Console\Kernel->reportException(Object(Error))
#14 /home/salman/public_html/your-project-name/artisan(35): Illuminate\Foundation\Console\Kernel->handle(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#15 {main}
Next Illuminate\Contracts\Container\BindingResolutionException: Target class [config] does not exist. in /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Container/Container.php:914
Stack trace:
#0 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\Container\Container->build('config')
#1 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(933): Illuminate\Container\Container->resolve('config', Array, true)
#2 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\Foundation\Application->resolve('config', Array)
#3 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(918): Illuminate\Container\Container->make('config', Array)
#4 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Container/Container.php(1454): Illuminate\Foundation\Application->make('config')
#5 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Log/LogManager.php(544): Illuminate\Container\Container->offsetGet('config')
#6 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Log/LogManager.php(595): Illuminate\Log\LogManager->getDefaultDriver()
#7 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Log/LogManager.php(124): Illuminate\Log\LogManager->parseDriver(NULL)
#8 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Log/LogManager.php(665): Illuminate\Log\LogManager->driver()
#9 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(287): Illuminate\Log\LogManager->error('Call to undefin...', Array)
#10 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(250): Illuminate\Foundation\Exceptions\Handler->reportThrowable(Object(Error))
#11 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php(522): Illuminate\Foundation\Exceptions\Handler->report(Object(Error))
#12 /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php(203): Illuminate\Foundation\Console\Kernel->reportException(Object(Error))
#13 /home/salman/public_html/your-project-name/artisan(35): Illuminate\Foundation\Console\Kernel->handle(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#14 {main}
thrown in /home/salman/public_html/your-project-name/vendor/laravel/framework/src/Illuminate/Container/Container.php on line 914
```
I faced this issue in AlmaLinux 8, CentOS and Ubuntu 18 but not in Ubuntu 20.
Below is the user's jail config:

```
# List of basic directories
dir /root/ 0700 root:root
dir /dev/ 0755 root:root
dir /etc/ 0755 root:root
dir /home/ 0755 root:root
dir /proc/ 0755 root:root
dir /usr/bin 0755 root:root
dir /usr/sbin 0755 root:root
dir /usr/lib/ 0755 root:root
dir /usr/lib64/ 0755 root:root
dir /usr/share/terminfo 0755 root:root
dir /usr/lib/terminfo 0755 root:root
dir /var 0755 root:root
slink /usr/bin /bin
slink /usr/sbin /sbin
slink /usr/lib /lib
slink /usr/lib64 /lib64

# basic configuration files
clink /etc/alternatives /etc/alternatives
clink /etc/named /etc/named
clink /etc/pam.d /etc/pam.d
clink /etc/pki /etc/pki
clink /etc/security /etc/security
clink /etc/ssh /etc/ssh
clink /etc/ssl /etc/ssl
clink /etc/systemd /etc/systemd
clink /etc/terminfo /etc/terminfo
clink /etc/aliases /etc/aliases
clink /etc/bashrc /etc/bashrc
clink /etc/crontab /etc/crontab
clink /etc/fstab /etc/fstab
clink /etc/inputrc /etc/inputrc
clink /etc/ld.so.conf /etc/ld.so.conf
clink /etc/nsswitch.conf /etc/nsswitch.conf
clink /etc/localtime /etc/localtime
clink /etc/mailips /etc/mailips
clink /etc/my.cnf /etc/my.cnf
clink /etc/hosts /etc/hosts
clink /etc/hostname /etc/hostname
clink /etc/services /etc/services
clink /etc/virc /etc/virc
clink /etc/shells /etc/shells
file /usr/local/jail-shell/misc/rootfs/etc/profile /etc/profile 0755 root:root

# basic device files
clink /dev/null /dev/null
clink /dev/zero /dev/zero
clink /dev/ptmx /dev/ptmx
clink /dev/urandom /dev/urandom
clink /dev/tty /dev/tty
clink /dev/tty1 /dev/tty1
clink /dev/tty2 /dev/tty2
clink /dev/tty3 /dev/tty3
slink /proc/self/fd/2 /dev/stderr
slink /proc/self/fd/0 /dev/stdin
slink /proc/self/fd/1 /dev/stdout

# basic command list
clink /usr/bin/sh /usr/bin/sh
clink /usr/bin/cat /usr/bin/cat
clink /usr/bin/ls /usr/bin/ls
clink /usr/bin/ps /usr/bin/ps
clink /usr/bin/bash /usr/bin/bash
clink /usr/bin/grep /usr/bin/grep
clink /usr/bin/rm /usr/bin/rm
clink /usr/bin/cp /usr/bin/cp
clink /usr/bin/touch /usr/bin/touch
clink /usr/bin/mv /usr/bin/mv
clink /usr/bin/hostname /usr/bin/hostname
clink /usr/bin/sed /usr/bin/sed
clink /usr/bin/true /usr/bin/true
clink /usr/bin/false /usr/bin/false
clink /usr/bin/mkdir /usr/bin/mkdir
clink /usr/bin/rmdir /usr/bin/rmdir
clink /usr/bin/dd /usr/bin/dd
clink /usr/bin/uname /usr/bin/uname
clink /usr/bin/date /usr/bin/date
clink /usr/bin/kill /usr/bin/kill
clink /usr/bin/tar /usr/bin/tar
clink /usr/bin/gzip /usr/bin/gzip
clink /usr/bin/[ /usr/bin/[
clink /usr/bin/tail /usr/bin/tail
clink /usr/bin/less /usr/bin/less
clink /usr/bin/awk /usr/bin/awk
clink /usr/bin/free /usr/bin/free
clink /usr/bin/head /usr/bin/head
clink /usr/bin/id /usr/bin/id
clink /usr/bin/tee /usr/bin/tee
clink /usr/bin/test /usr/bin/test
clink /usr/bin/gawk /usr/bin/gawk
clink /usr/bin/watch /usr/bin/watch
clink /usr/bin/which /usr/bin/which
clink /usr/bin/xargs /usr/bin/xargs
clink /usr/bin/find /usr/bin/find
clink /usr/bin/scp /usr/bin/scp
clink /usr/bin/basename /usr/bin/basename
clink /usr/bin/c++ /usr/bin/c++
clink /usr/bin/gcc /usr/bin/gcc
clink /usr/bin/as /usr/bin/as
clink /usr/bin/aulast /usr/bin/aulast
clink /usr/bin/authselect /usr/bin/authselect
clink /usr/bin/alias /usr/bin/alias
clink /usr/bin/alt-mysql-reconfigure /usr/bin/alt-mysql-reconfigure
clink /usr/bin/alt-php-mysql-reconfigure /usr/bin/alt-php-mysql-reconfigure
clink /usr/bin/alt-php-mysql-reconfigure.py /usr/bin/alt-php-mysql-reconfigure.py
clink /usr/bin/whatis /usr/bin/whatis
clink /usr/bin/bg /usr/bin/bg
clink /usr/bin/chage /usr/bin/chage
clink /usr/bin/chattr /usr/bin/chattr
clink /usr/bin/chgrp /usr/bin/chgrp
clink /usr/bin/chmod /usr/bin/chmod
clink /usr/bin/chown /usr/bin/chown
clink /usr/bin/cmp /usr/bin/cmp
clink /usr/bin/col /usr/bin/col
clink /usr/bin/clear /usr/bin/clear
clink /usr/bin/column /usr/bin/column
clink /usr/bin/command /usr/bin/command
clink /usr/bin/cpp /usr/bin/cpp
clink /usr/bin/crontab /usr/bin/crontab
clink /usr/bin/curl /usr/bin/curl
clink /usr/bin/cut /usr/bin/cut
clink /usr/bin/df /usr/bin/df
clink /usr/bin/dig /usr/bin/dig
clink /usr/bin/dirname /usr/bin/dirname
clink /usr/bin/du /usr/bin/du
clink /usr/bin/echo /usr/bin/echo
clink /usr/bin/egrep /usr/bin/egrep
clink /usr/bin/eject /usr/bin/eject
clink /usr/bin/fold /usr/bin/fold
clink /usr/bin/git /usr/bin/git
clink /usr/bin/git-shell /usr/bin/git-shell
clink /usr/bin/hash /usr/bin/hash
clink /usr/bin/host /usr/bin/host
clink /usr/bin/info /usr/bin/info
clink /usr/bin/install /usr/bin/install
clink /usr/bin/jobs /usr/bin/jobs
clink /usr/bin/join /usr/bin/join
clink /usr/bin/journalctl /usr/bin/journalctl
clink /usr/bin/killall /usr/bin/killall
clink /usr/bin/last /usr/bin/last
clink /usr/bin/lastlog /usr/bin/lastlog
clink /usr/bin/link /usr/bin/link
clink /usr/bin/linux32 /usr/bin/linux32
clink /usr/bin/linux64 /usr/bin/linux64
clink /usr/bin/setarch /usr/bin/setarch
clink /usr/bin/ln /usr/bin/ln
clink /usr/bin/locale /usr/bin/locale
clink /usr/bin/login /usr/bin/login
clink /usr/bin/loginctl /usr/bin/loginctl
clink /usr/bin/look /usr/bin/look
clink /usr/bin/lynx /usr/bin/lynx
clink /usr/bin/mail /usr/bin/mail
clink /usr/bin/mailx /usr/bin/mailx
clink /usr/bin/mailq /usr/bin/mailq
clink /usr/bin/Mail /usr/bin/Mail
clink /usr/bin/mailq.exim /usr/bin/mailq.exim
clink /usr/bin/mailq.sendmail /usr/bin/mailq.sendmail
clink /usr/bin/make /usr/bin/make
clink /usr/bin/mailstat /usr/bin/mailstat
clink /usr/bin/man /usr/bin/man
clink /usr/bin/makedb /usr/bin/makedb
clink /usr/bin/mount /usr/bin/mount
clink /usr/bin/mknod /usr/bin/mknod
clink /usr/bin/mysql /usr/bin/mysql
clink /usr/bin/mysql_config_editor /usr/bin/mysql_config_editor
clink /usr/bin/mysqladmin /usr/bin/mysqladmin
clink /usr/bin/mysqlbinlog /usr/bin/mysqlbinlog
clink /usr/bin/mysqlcheck /usr/bin/mysqlcheck
clink /usr/bin/mysqldump /usr/bin/mysqldump
clink /usr/bin/mysqlimport /usr/bin/mysqlimport
clink /usr/bin/netstat /usr/bin/netstat
clink /usr/bin/nslookup /usr/bin/nslookup
clink /usr/bin/nohup /usr/bin/nohup
clink /usr/bin/openssl /usr/bin/openssl
clink /usr/bin/paste /usr/bin/paste
clink /usr/bin/perl /usr/bin/perl
clink /usr/bin/php /usr/bin/php
clink /usr/bin/php-cgi /usr/bin/php-cgi
clink /usr/bin/ping /usr/bin/ping
clink /usr/bin/pkttyagent /usr/bin/pkttyagent
clink /usr/bin/printf /usr/bin/printf
clink /usr/bin/pwd /usr/bin/pwd
clink /usr/bin/quota /usr/bin/quota
clink /usr/bin/read /usr/bin/read
clink /usr/bin/readlink /usr/bin/readlink
clink /usr/bin/realpath /usr/bin/realpath
clink /usr/bin/rmail /usr/bin/rmail
clink /usr/bin/rpm /usr/bin/rpm
clink /usr/bin/rsync /usr/bin/rsync
clink /usr/bin/script /usr/bin/script
clink /usr/bin/sftp /usr/bin/sftp
clink /usr/bin/sort /usr/bin/sort
clink /usr/bin/split /usr/bin/split
clink /usr/bin/ssh /usr/bin/ssh
clink /usr/bin/ssh-add /usr/bin/ssh-add
clink /usr/bin/ssh-agent /usr/bin/ssh-agent
clink /usr/bin/ssh-copy-id /usr/bin/ssh-copy-id
clink /usr/bin/ssh-keygen /usr/bin/ssh-keygen
clink /usr/bin/ssh-keyscan /usr/bin/ssh-keyscan
clink /usr/bin/stty /usr/bin/stty
clink /usr/bin/sleep /usr/bin/sleep
clink /usr/bin/size /usr/bin/size
clink /usr/bin/systemctl /usr/bin/systemctl
clink /usr/bin/top /usr/bin/top
clink /usr/bin/unlink /usr/bin/unlink
clink /usr/bin/unzip /usr/bin/unzip
clink /usr/bin/vi /usr/bin/vi
clink /usr/bin/wget /usr/bin/wget
clink /usr/bin/whereis /usr/bin/whereis
clink /usr/bin/who /usr/bin/who
clink /usr/bin/whoami /usr/bin/whoami
clink /usr/bin/yum /usr/bin/yum
clink /usr/lib/systemd /usr/lib/systemd
clink /usr/lib64/libnss_compat-2.28.so /usr/lib64/libnss_compat-2.28.so
clink /usr/lib64/libnss_compat.so.2 /usr/lib64/libnss_compat.so.2
clink /usr/lib64/libnss_files-2.28.so /usr/lib64/libnss_files-2.28.so
clink /usr/lib64/libnss_files.so.2 /usr/lib64/libnss_files.so.2
clink /usr/lib64/libnss_dns-2.28.so /usr/lib64/libnss_dns-2.28.so
clink /usr/lib64/libnss_dns.so.2 /usr/lib64/libnss_dns.so.2

# Base directory binding configuration
# Set directory read-only, and prohibit device files
bind / ro,nodev,nosuid
bind /dev ro,dev,noexec,nosuid
bind /usr/share/terminfo /usr/share/terminfo ro,nodev,nosuid
bind /var /var ro,nodev,nosuid
bind /home/salman /home/salman rw,nodev,nosuid

# system command list
# this used for user to change password.
cmd /usr/bin/passwd /usr/bin/passwd -:-

# Basic library list
dir /usr/lib64 0755 root:root
dir /lib64 0755 root:root
clink /lib64/libnss_compat.so.2 /lib64/libnss_compat.so.2
clink /lib64/libnss_files.so.2 /lib64/libnss_files.so.2
clink /lib64/libnss_dns.so.2 /lib64/libnss_dns.so.2
```